Vulnerability Details : CVE-2015-5065
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.
Vulnerability category: Directory traversal
Products affected by CVE-2015-5065
- Intelligent-it » Paypal Currency Converter Basic For Woocommerce » For WordpressVersions before (<) 1.4cpe:2.3:a:intelligent-it:paypal_currency_converter_basic_for_woocommerce:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5065
1.45%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5065
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2015-5065
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5065
-
https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/changelog/
PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE – WordPress plugin | WordPress.orgPatch;Third Party Advisory
-
https://www.exploit-db.com/exploits/37253/
WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File ReadExploit;Third Party Advisory;VDB Entry
-
https://plugins.trac.wordpress.org/changeset/1179092/paypal-currency-converter-basic-for-woocommerce
Changeset 1179092 for paypal-currency-converter-basic-for-woocommerce – WordPress Plugin RepositoryThird Party Advisory
-
http://packetstormsecurity.com/files/132278/WordPress-Paypal-Currency-Converter-Basic-For-Woocommerce-1.3-File-Read.html
WordPress Paypal Currency Converter Basic For Woocommerce 1.3 File Read ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/75416
WordPress Paypal Currency Converter Basic For Woocommerce Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
Jump to