Vulnerability Details : CVE-2015-3301
Potential exploit
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
Vulnerability category: Directory traversal
Products affected by CVE-2015-3301
- Thecartpress » Thecartpress Ecommerce Shopping Cart » For Wordpress
  Versions up to, including, (<=) 1.3.9
  CPE: cpe:2.3:a:thecartpress:thecartpress_ecommerce_shopping_cart:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3301
- EPSS score: 14.40% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~94% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-3301
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
CWE ids for CVE-2015-3301
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3301
- https://www.exploit-db.com/exploits/36860/
  WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities (Exploit)
- https://www.htbridge.com/advisory/HTB23254
  Multiple Vulnerabilities in TheCartPress WordPress plugin - HTB23254 Security Advisory | ImmuniWeb (Exploit)
- http://www.securityfocus.com/bid/74395
  WordPress TheCartPress Plugin Multiple Security Vulnerabilities
- http://osvdb.org/show/osvdb/121439
- http://www.securityfocus.com/archive/1/535396/100/0/threaded
  SecurityFocus
- http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html
  WordPress TheCartPress 1.3.9 XSS / Local File Inclusion ≈ Packet Storm (Exploit)
- https://wordpress.org/plugins/thecartpress/changelog/
  TheCartPress eCommerce Shopping Cart – WordPress plugin | WordPress.org (Patch)