Directory Traversal Vulnerability in GD Rating System Plugin by WordPress
CVE-2018-5291

7.5 HIGH

Key Information:

Vendor: WordPress
CVE Published: 8 January 2018

Summary

The GD Rating System plugin version 2.3 for WordPress is vulnerable to directory traversal via the panel parameter of wp-admin/admin.php on the gd-rating-system-tools page. This flaw could allow malicious users to access sensitive files on the server, posing a significant risk to the integrity and privacy of the web application. Users of this plugin should review their configurations and apply the necessary patches or mitigations to secure their installations.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
