ThreatPress

WordPress Vulnerabilities Database

WordPress DukaPress Plugin <=2.5.3 - Directory Traversal

Product
DukaPress
Description
This vulnerability is in the "dp_img_resize" function in php/dp-functions.php. It allows attackers to read arbitrary files through directory traversal in the "src" parameter to lib/dp_image.php.
Solution
Update the plugin.
Classification
Type Information Disclosure
References
CVE Mitre
CVE
Name CVE-2014-8799
Versions
Affected In <= 2.5.3
Fixed In 2.5.4
Disclosure date
2014-11-13
Credits
Kacper Szurek