WordPress up to 1.44 wp-Table Plugin wptable-button.php wpPATH path traversal
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.3 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in WordPress up to 1.44. Affected by this vulnerability is an unknown functionality of the file wptable-button.php of the component wp-Table Plugin. The manipulation of the argument wpPATH leads to path traversal. This vulnerability is uniquely identified as CVE-2007-2483. Moreover, an exploit is present. You should upgrade the affected component.
Details
A vulnerability was found in WordPress up to 1.44 (Content Management System) and classified as critical. This issue affects some unknown functionality of the file wptable-button.php of the component wp-Table Plugin. The manipulation of the argument wpPATH with an unknown input leads to a path traversal vulnerability. Using CWE to declare the problem leads to CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Impacted is confidentiality, and integrity. The summary by CVE is:
Directory traversal vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the wpPATH parameter.
The weakness was disclosed 05/02/2007 by M.Hasran "K-159" Addahroni (Website). It is possible to read the advisory at exploit-db.com. The identification of this vulnerability is CVE-2007-2483 since 05/03/2007. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details as well as a public exploit are known. The attack technique deployed by this issue is T1006 according to MITRE ATT&CK.
A public exploit has been developed by K-159 and been published even before and not after the advisory. The exploit is available at exploit-db.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $25k-$100k. By approaching the search of inurl:wptable-button.php it is possible to find vulnerable targets with Google Hacking.
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (33989), Exploit-DB (3824), OSVDB (34357†) and Secunia (SA25063†). The entries VDB-36594, VDB-36593, VDB-36592 and VDB-36591 are pretty similar. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Name
Version
- 1.0
- 1.1
- 1.2
- 1.3
- 1.4
- 1.5
- 1.6
- 1.7
- 1.8
- 1.9
- 1.10
- 1.11
- 1.12
- 1.13
- 1.14
- 1.15
- 1.16
- 1.17
- 1.18
- 1.19
- 1.20
- 1.21
- 1.22
- 1.23
- 1.24
- 1.25
- 1.26
- 1.27
- 1.28
- 1.29
- 1.30
- 1.31
- 1.32
- 1.33
- 1.34
- 1.35
- 1.36
- 1.37
- 1.38
- 1.39
- 1.40
- 1.41
- 1.42
- 1.43
- 1.44
License
Website
- Product: https://wordpress.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.8VulDB Meta Temp Score: 4.6
VulDB Base Score: 4.8
VulDB Temp Score: 4.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Path traversalCWE: CWE-22
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: K-159
Download: 🔍
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
05/01/2007 🔍05/01/2007 🔍
05/02/2007 🔍
05/02/2007 🔍
05/02/2007 🔍
05/03/2007 🔍
05/03/2007 🔍
05/10/2007 🔍
09/09/2024 🔍
Sources
Product: wordpress.comAdvisory: exploit-db.com
Researcher: M.Hasran "K-159" Addahroni
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2007-2483 (🔍)
GCVE (CVE): GCVE-0-2007-2483
GCVE (VulDB): GCVE-100-3047
X-Force: 33989 - Wp-table wptable-button.php file include, Medium Risk
Secunia: 25063 - WordPress wp-Table Plugin "wpPATH" File Inclusion, Highly Critical
OSVDB: 34357 - wp-Table Plugin for WordPress wptable-button.php wpPATH Parameter Remote File Inclusion
Vupen: ADV-2007-1614
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 05/10/2007 12:54Updated: 09/09/2024 15:42
Changes: 05/10/2007 12:54 (72), 08/06/2017 14:45 (8), 09/09/2024 15:42 (22)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.