Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.
References
Link | Resource |
---|---|
https://security.szurek.pl/wp-marketplace-240-arbitrary-file-download.html | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/36466/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2019-11-06 21:15
Updated : 2024-02-04 20:39
NVD link : CVE-2014-9014
Mitre link : CVE-2014-9014
CVE.ORG link : CVE-2014-9014
JSON object : View
Products Affected
wpmarketplace_project
- wpmarketplace
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')