CVSS: 7.5EPSS: 90%CPEs: 19EXPL: 2CVE-2012-4915 – WordPress Plugin Google Document Embedder Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2012-4915
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php. Vulnerabilidad de salto de directorio en el plugin Google Doc Embedder anterior a 2.5.4 para WordPress permite a atacantes remotos leer archivos arbitrarios a través de un .. (punto punto) en el parámetro file en libs/pdf.php. • https://www.exploit-db.com/exploits/23970 http://osvdb.org/88891 http://secunia.com/advisories/50832 http://www.securityfocus.com/bid/57133 https://exchange.xforce.ibmcloud.com/vulnerabilities/80930 http://web.archive.org/web/20130119141940/http://secunia.com/advisories/50832 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •