Wordpress Html5 Mp3 Player 'playlist.php' Path Disclosure Vulnerability Network Vulnerability

Summary

This host is installed with Wordpress Html5 Mp3 Player with Playlist plugin and is prone to path disclosure vulnerability.

Impact

Successful exploitation will allow remote attackers to discloses the software's installation path resulting in a loss of confidentiality. Impact Level: Application

Solution

Upgrade to version 2.7 or higher, For updates refer https://wordpress.org/plugins/html5-mp3-player-with-playlist

Insight

Flaw is triggered when a remote attacker sends a direct request for the /html5plus/playlist.php script.

Affected

Wordpress HTML5 MP3 Player with Playlist Free plugin before 2.7

Detection

Send a crafted data via HTTP GET request and check whether it is disclosing installation path or not.

References

http://h4x0resec.blogspot.in/2014/11/wordpress-html5-mp3-player-with.html
http://packetstormsecurity.com/files/129286
http://www.osvdb.org/115159
http://xforce.iss.net/xforce/xfdb/98988
https://wordpress.org/plugins/html5-mp3-player-with-playlist/changelog

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9177
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache ActiveMQ Source Code Information Disclosure Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability
AN Guestbook Local File Inclusion Vulnerability
Apache Web Server ETag Header Information Disclosure Weakness
/doc directory browsable ?

Take action and discover your vulnerabilities