CVE-2015-6668

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Job Manager
Vendor: CVE Published:; 19 October 2017

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-6668
Created by H3xL00m

CVE-2015-6668
Created by G01d3nW01f

References

https://wpvulndb.com/vulnerabilities/8167

x_refsource_MISC

https://vagmour.eu/cve-2015-6668-cv-filename-disclosure-o...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jun 27, 2024
👾
Exploit known to exist
Jun 27, 2024
Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Aug 24, 2015