Vulnerabilities > CVE-2018-7422 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Siteeditor Site Editor 1.0.0/1.1.0/1.1.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion. CVE-2018-7422. Webapps exploit for PHP platform. Tags: File Inclusion (LFI/RFI) |
| file | exploits/php/webapps/44340.txt |
| id | EDB-ID:44340 |
| last seen | 2018-05-24 |
| modified | 2018-03-23 |
| platform | php |
| port | 80 |
| published | 2018-03-23 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/44340/ |
| title | Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/146796/wpsiteeditor111-lfi.txt |
| id | PACKETSTORM:146796 |
| last seen | 2018-03-23 |
| published | 2018-03-16 |
| reporter | Nicolas Buzy-Debat |
| source | https://packetstormsecurity.com/files/146796/WordPress-Site-Editor-1.1.1-Local-File-Inclusion.html |
| title | WordPress Site Editor 1.1.1 Local File Inclusion |