Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/132278/WordPress-Paypal-Currency-Converter-Basic-For-Woocommerce-1.3-File-Read.html | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/75416 | Third Party Advisory VDB Entry |
https://plugins.trac.wordpress.org/changeset/1179092/paypal-currency-converter-basic-for-woocommerce | Third Party Advisory |
https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/changelog/ | Patch Third Party Advisory |
https://www.exploit-db.com/exploits/37253/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2015-06-24 14:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-5065
Mitre link : CVE-2015-5065
CVE.ORG link : CVE-2015-5065
JSON object : View
Products Affected
intelligent-it
- paypal_currency_converter_basic_for_woocommerce
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')