Summary
This host is installed with Wordpress
EasyCart and is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow remote
attackers to disclose detailed system information.
Impact Level: Application
Solution
Upgrade to version 2.0.6 or higher,
For updates refer https://wordpress.org/plugins/wp-easycart
Insight
Flaw is due to improper handling of a
direct request for the /inc/admin/phpinfo.php script.
Affected
Wordpress EasyCart version 2.0.1
through 2.0.5
Detection
Send a crafted data via HTTP GET request
and check whether it is able to read system info or not.
References
Severity
Classification
-
CVE CVE-2014-4942 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat NIO Connector Denial of Service Vulnerability
- Adobe JRun Management Console Multiple Vulnerabilities
- Apache Struts Cross Site Scripting Vulnerability
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities