ThreatPress

WordPress Vulnerabilities Database

WordPress Filedownload Plugin 0.1 - Remote File Disclosure Vulnerability

Product
Filedownload
Description
TheCartPress plugin's "download.php" parameter is prone to a remote file inclusion vulnerability. It allows an attacker to include a remote file and gain access to the server. This can lead to sensitive information disclosure, cross-site scripting attacks, and code execution on the web server.
Solution
Update the plugin.
Classification
Type Remote File Inclusion
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.0
Fixed In 1.2
Disclosure date
2011-09-19
Credits
Septemb0x