WordPress Tera Charts Multiple Directory Traversal Vulnerabilities

Summary
This host has the WordPress Tera Charts plugin installed and is prone to multiple directory traversal vulnerabilities.
Impact
Successful exploitation will allow remote attackers to download arbitrary files.
Impact Level: Application
Solution
Upgrade to version 1.0 or higher. For updates, refer to https://wordpress.org/plugins/tera-charts
Insight
The flaw exists because the 'charts/treemap.php' and 'charts/zoomabletreemap.php' scripts do not properly sanitize user input passed via the 'fn' parameter, specifically path traversal sequences (e.g. '../').
Affected
WordPress Tera Charts plugin version 0.1
Detection
Send a crafted HTTP GET request and check whether it is possible to read arbitrary files.
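
The flaw described under Insight can also be looked for passively in web server access logs. The following Python is an added example, not part of the original advisory or the plugin: it flags requests to the two scripts whose 'fn' value contains a '..' path segment, including percent-encoded and double-encoded forms. The combined log format, the /wp-content/plugins/tera-charts/ path prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script paths and parameter named in the advisory.
SCRIPTS = ("/charts/treemap.php", "/charts/zoomabletreemap.php")
PARAM = "fn"
# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value contains a '..' path segment."""
    return ".." in fully_decode(value).replace("\\", "/").split("/")

def suspicious_requests(log_lines):
    """Return (line_number, decoded_fn) for traversal attempts on the scripts."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not fully_decode(url.path).lower().endswith(SCRIPTS):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_traversal(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample lines; the plugin path prefix is an assumption.
BASE = "/wp-content/plugins/tera-charts/charts/"
SAMPLE_LOG = [
    f'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET {BASE}treemap.php?fn=data.json HTTP/1.1" 200 512',
    f'198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET {BASE}treemap.php?fn=../../../../wp-config.php HTTP/1.1" 200 3021',
    f'198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET {BASE}zoomabletreemap.php?fn=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 200 3021',
    '192.0.2.11 - - [01/Jan/2024:10:03:00 +0000] "GET /other.php?fn=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: fn={value}")
```

A file name that merely contains two dots (for example 'sales..2023.json') is not flagged, because the check looks for '..' as a whole path segment.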