CVE-2015-10105
IP Blacklist Cloud Plugin CSV File Import ip_blacklist_cloud.php valid_js_identifier path traversal
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability classified as critical was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. It affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. Manipulation of the argument filename leads to path traversal. The attack can be initiated remotely. Upgrading to version 3.43 addresses this issue. The identifier of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability.
A critical vulnerability was found in IP Blacklist Cloud Plugin up to 3.42 for WordPress. It concerns the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. Manipulating the argument filename with unknown data can be used to exploit a path traversal vulnerability. The attack can take place over the network. Upgrading to version 3.43 resolves this problem. The patch is identified as 6e6fe8c6fda7cbc252eef083105e08d759c07312. Installing an upgrade is recommended as the best possible measure.
The IP Blacklist Cloud plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 3.42 via the 'filename' parameter. This allows authenticated attackers, with administrative privileges, to read arbitrary files on the server that may contain sensitive information.
SSVC
- Decision: Track*
Timeline
- 2015-03-07 CVE Published
- 2023-04-29 CVE Reserved
- 2024-11-22 CVE Updated
- 2024-12-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (3)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.227757 | Technical Description | |

URL | Date | SRC |
---|---|---|
https://github.com/wp-plugins/ip-blacklist-cloud/commit/6e6fe8c6fda7cbc252eef083105e08d759c07312 | 2024-05-17 | |
https://github.com/wp-plugins/ip-blacklist-cloud/releases/tag/3.43 | 2024-05-17 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Ip-finder | Ip Blacklist Cloud | <= 3.42 | wordpress | Affected |