Digital Publications by Supsystic < 1.6.12 – Authenticated Path Traversal

Description

The "Folder" tab under "Publications" is vulnerable to path traversal and exposes limited information, for example, the user can gain information regarding images stored in outside of the WordPress blog, ie, home directories.

Proof of Concept

Enter the following payload into the "Folder" input field of a Publication: ../../../../../home/test

Affects Plugins

digital-publications-by-supsystic

Fixed in 1.6.12

References

Exploitdb

49542

Classification

Type

TRAVERSAL

OWASP top 10

A1: Injection

CWE

CWE-22

CVSS

2.7 (low)

Miscellaneous

Original Researcher

Erik David Martin

Verified

Yes

WPVDB ID

bbd88bd2-b0aa-405f-936d-e19115950bd1

Timeline

Publicly Published

2021-02-08 (about 5 years ago)

Added

2021-02-08 (about 5 years ago)

Last Updated

2021-02-10 (about 5 years ago)

Other

Published

Title

Published

2023-12-01

Title

Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion

Published

2024-06-24

Title

WordPress < 6.5.5 - Contributor+ Path Traversal in Template-Part Block

Published

2022-12-21

Title

Images Optimize and Upload CF7 < 2.2.1 - Unauthenticated Arbitrary File Deletion

Published

2021-07-24

Title

AceIDE <= 2.6.2 - Authenticated (admin+) Arbitrary File Access

Published

2022-03-01

Title

String Locator < 2.5.0 - Admin+ Arbitrary File Read