Directory Traversal Vulnerability in WP Content Source Control Plugin for WordPress
CVE-2014-5368

Currently unrated

Key Information:

Vendor

Wordpress
Status
WP Content Source Control
Vendor
CVE Published:
22 August 2014

What is CVE-2014-5368?

A directory traversal vulnerability exists in the WP Content Source Control plugin for WordPress, specifically in the file_get_contents function located in downloadfiles/download.php. This vulnerability can be exploited by remote attackers who craft a malicious request with a manipulated path parameter, enabling them to read arbitrary files on the server. This poses significant risks to the confidentiality of sensitive information and compromises the integrity of the server's file system.

References

http://www.securityfocus.com/bid/69278
vdb-entryx_refsource_BID
http://seclists.org/oss-sec/2014/q3/417
mailing-listx_refsource_MLIST
http://seclists.org/oss-sec/2014/q3/407
mailing-listx_refsource_MLIST

EPSS Score

53% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.