Vulnerabilities > CVE-2007-2482 - Remote File Include vulnerability in WordPress Plugins

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
ruben-boelinger
exploit available

Summary

Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter.

Vulnerable Configurations

Part Description Count
Application
Ruben_Boelinger
1

Exploit-Db

descriptionWordpress plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability. CVE-2007-2481,CVE-2007-2482. Webapps exploit for php platform
fileexploits/php/webapps/3825.txt
idEDB-ID:3825
last seen2016-01-31
modified2007-05-01
platformphp
port
published2007-05-01
reporterK-159
sourcehttps://www.exploit-db.com/download/3825/
titleWordPress plugin wordTube <= 1.43 - wpPATH RFI Vulnerability
typewebapps