Summary
The teachPress plug-in for WordPress is prone to multiple local file include vulnerabilities because it fails to adequately validate user-supplied input.
An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
teachPress 2.3.2 is vulnerable; prior versions may also be affected.
Solution
Vendor updates are available. Please see the references for more information.
References
- http://plugins.trac.wordpress.org/changeset/405672/teachpress/trunk/export.php?old=340149&old_path=teachpress%2Ftrunk%2Fexport.php
- http://plugins.trac.wordpress.org/changeset/405672/teachpress/trunk/feed.php?old=340149&old_path=teachpress%2Ftrunk%2Ffeed.php
- http://wordpress.org/
- http://wordpress.org/extend/plugins/teachpress/
- http://www.securityfocus.com/bid/50105
Updated on 2015-03-25
Severity
Classification
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P