|
Description
|
|
Kévin Subileau has discovered a vulnerability in the Crayon Syntax Highlighter plugin for WordPress, which can be exploited by malicious users and by malicious people to disclose sensitive information.
Input passed via the "data-url" parameter related to posts and comments is not properly verified before being used to access files. This can be exploited to disclose the contents of arbitrary local files via directory traversal sequences.
Successful exploitation as an unauthenticated attacker requires "Allows Crayons inside comments" to be enabled.
The vulnerability is confirmed in version 2.6.10. Prior versions may be affected.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
Wordpress Crayon Syntax Highlighter Plugin 1.x
|
|
|
|
|
|
Solution
|
|
Update to version 2.7.0.
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
Crayon Syntax Highlighter:
https://wordpress.org/plugins/crayon-syntax-highlighter/changelog/
Kévin Subileau:
http://www.kevinsubileau.fr/informatique/hacking-securite/crayon-syntax-highlighter-local-file-disclosure-vulnerability.html
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
