Vulnerability Description
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Westerndeal | Advanced Dewplayer | 1.2 |
| Wordpress | Wordpress | - |
Related Weaknesses (CWE)
References
- http://seclists.org/oss-sec/2013/q4/566
- http://seclists.org/oss-sec/2013/q4/570
- http://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directorVendor Advisory
- http://www.securityfocus.com/bid/64587Exploit
- http://seclists.org/oss-sec/2013/q4/566
- http://seclists.org/oss-sec/2013/q4/570
- http://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directorVendor Advisory
- http://www.securityfocus.com/bid/64587Exploit
FAQ
What is CVE-2013-7240?
CVE-2013-7240 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
How severe is CVE-2013-7240?
CVE-2013-7240 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7240?
Check the references section above for vendor advisories and patch information. Affected products include: Westerndeal Advanced Dewplayer, Wordpress Wordpress.