漏洞类别:CGI
漏洞等级: 
漏洞信息
WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. MP3-jPlayer is an audio plugin for WordPress.
The "mp3-jplayer/download.php" source file that is implemented in the affected versions of the WordPress MP3-jPlayer plugin fails to properly sanitize user supplied input received via the "mp3" parameter. A remote unauthenticated attacker could exploit this vulnerability by transmitting a malicious GET request directed at the script file, disclosing sensitive installation path.
Affected Versions:
WordPress MP3-jPlayer plugin versions 2.3.2 and prior
漏洞危害
Successful exploitation allows remote, unauthenticated attackers to disclose the WordPress installation path resulting in a loss of confidentiality.
解决方案
Customers are advised to download and install WordPress MP3-jPlayer plugin 2.3.3 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论