cve/2015/CVE-2015-4414.md

CVE-2015-4414

Description

Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

POC

Reference

• http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html
• https://wpvulndb.com/vulnerabilities/8032
• https://www.exploit-db.com/exploits/37274/

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/ARPSyndicate/kenzer-templates