CVE-2013-7240 – Advanced Dewplayer < 1.3 - Directory Traversal
https://notcve.org/view.php?id=CVE-2013-7240
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. Vulnerabilidad de salto de directorio en download-file.php en el plugin Advanced Dewplayer 1.2 para WordPress permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en el parámetro dew_file. • https://www.exploit-db.com/exploits/38936 http://seclists.org/oss-sec/2013/q4/566 http://seclists.org/oss-sec/2013/q4/570 http://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal http://www.securityfocus.com/bid/64587 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •