CVE-2015-7669

9.8CRITICAL

Key Information:

Vendor
Wordpress
Status
Easy2map
Vendor
CVE Published:
27 December 2017

Summary

Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality."

References

http://www.securityfocus.com/archive/1/536597/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://wordpress.org/plugins/easy2map/#developers
x_refsource_CONFIRM
https://wpvulndb.com/vulnerabilities/8206
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.