CVE-2015-5482

Currently unrated

Key Information:

Vendor: Wordpress
Status: Gd Bbpress Attachments
Vendor: CVE Published:; 18 August 2015

Summary

Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.

References

https://wordpress.org/plugins/gd-bbpress-attachments/chan...

x_refsource_CONFIRM

https://wpvulndb.com/vulnerabilities/8087

x_refsource_MISC

https://security.dxw.com/advisories/local-file-include-vu...

x_refsource_MISC

Timeline

Vulnerability published
Aug 18, 2015
Vulnerability Reserved
Jul 10, 2015