Summary
This host is installed with WordPress WP ecommerce Shop Styling Plugin and is prone to remote file inclusion vulnerability.
Impact
Successful exploitation may allow an attacker to obtain sensitive information, which can lead to launching further attacks.
Impact Level: Application
Solution
Upgrade to version 1.8 or higher.
For updates refer to http://wordpress.org/plugins/wp-ecommerce-shop-styling
Insight
Input passed via the 'id' HTTP GET parameter to /lp/index.php script is not properly sanitised before returning to the user.
Affected
WordPress WP ecommerce Shop Styling Plugin version 1.7.2, Other version may also be affected.
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References
Severity
Classification
-
CVE CVE-2013-0724 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities