OSVDB ID: 86155

Title: eShop Magic Plugin for WordPress wp-content/plugins/eshop-magic/download.php file Parameter Traversal Arbitrary File Access

Info

Disclosure

Oct 11, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Oct 11, 2012

Description

eShop Magic Plugin for WordPress contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the wp-content/plugins/eshop-magic/download.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'file' parameter. This directory traversal attack would allow the attacker to gain access to arbitrary files.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified, Third-party Verified
OSVDB: Web Related

Solution

Upgrade to version 0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

paulswebsolutions

eShop Magic Plugin for WordPress

0.1

References

Secunia Advisory ID: 50933
Vendor Specific News/Changelog Entry: http://wordpress.org/extend/plugins/eshop-magic/changelog/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86155