Vulnerability Details CVE-2015-5609
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.3%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- http://www.openwall.com/lists/oss-security/2015/07/13/10
- http://www.openwall.com/lists/oss-security/2015/07/21/1
- http://www.vapid.dhs.org/advisory.php?v=135
- http://www.openwall.com/lists/oss-security/2015/07/13/10
- http://www.openwall.com/lists/oss-security/2015/07/21/1
- http://www.vapid.dhs.org/advisory.php?v=135
Products affected by CVE-2015-5609
-
cpe:2.3:a:image-export_project:image-export:1.1