jRSS Widget Plugin for WordPress proxy.php 'url' Parameter Arbitrary File Access

medium Nessus Plugin ID 50576

Synopsis

The remote web server hosts a PHP script affected by an information disclosure vulnerability.

Description

The version of the jRSS Widget plugin for WordPress installed on the remote host does not sanitize input to the 'url' parameter of the 'proxy.php' script before using it to return the contents of a file.

An unauthenticated, remote attacker can exploit this issue to disclose the contents of sensitive files on the affected system subject to the privileges under which the web server operates.

Solution

Upgrade to version 1.2 or later.

See Also

http://www.nessus.org/u?ab246dc9

Plugin Details

Severity: Medium

ID: 50576

File Name: jrss_widget_url_file_disclosure.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 11/12/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 11/20/2010

Vulnerability Publication Date: 11/8/2010

Reference Information

BID: 44716