Information Disclosure and Data Modification in Article2PDF Plugin by WordPress
CVE-2019-1010257

9.1CRITICAL

Key Information:

Vendor
Wordpress
Status
Article2PDF WordPress Plug-in
Vendor
CVE Published:
27 March 2019

Summary

The Article2PDF WordPress plugin is susceptible to an information disclosure and data modification vulnerability via the article2pdf_getfile.php file. By constructing a specific URL, attackers can override the path to PDF files, potentially allowing unauthorized access to PDF documents that the web server can read. Furthermore, if permissible by the server's configuration, downloaded files may be deleted post-retrieval. Additionally, on PHP versions preceding 5.3, a null termination exploit could permit reading of any file by manipulating the string prior to the extension.

Affected Version(s)

article2pdf Wordpress plug-in 0.24

article2pdf Wordpress plug-in 0.25

article2pdf Wordpress plug-in 0.26

References

https://wordpress.org/support/topic/pdf-download-path-imp...
x_refsource_MISC
https://seclists.org/bugtraq/2019/Mar/49
mailing-listx_refsource_BUGTRAQ
https://packetstormsecurity.com/files/152236/WordPress-ar...
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.