ThreatPress

WordPress Vulnerabilities Database

WordPress Mailing List Plugin - Arbitrary File Download Vulnerability

Product
Mailing List
Description
The Mailing List plugin is prone to an arbitrary file download vulnerability that allows an attacker to break into your system. The vulnerable script includes the config.php file, which connects to the database with the supplied credentials. The bug is in config.php, but it is accessible from the other file.
Solution
Update the plugin.
Classification
Type: Unknown
OWASP Top 10: A2: Broken Authentication and Session Management
References
Exploit-DB
CVE
Name: CVE-N/A
Versions
Affected In: <= 1.4.2
Fixed In: 1.4.3
Disclosure date
2011-12-26
Credits
6Scan