Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2015-1579

Description

Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.

POC

Reference

- https://wpvulndb.com/vulnerabilities/7540

Github

- https://github.com/20142995/nuclei-templates

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/hktalent/TOP

- https://github.com/kpwn/vpwn

- https://github.com/paralelo14/CVE-2015-1579

- https://github.com/paralelo14/WordPressMassExploiter

- https://github.com/paralelo14/google_explorer