Google Document Embedder 2.4.6 – pdf.php file Parameter Arbitrary File Disclosure | CVE 2012-4915

Affects Plugins

google-document-embedder

Fixed in 2.5.4

References

CVE

CVE-2012-4915

Exploitdb

23970

URL

exploit/unix/webapp/wp_google_document_embedder_exec

URL

https://packetstormsecurity.com/files/#119329/

Classification

Type

LFI

OWASP top 10

A1: Injection

CWE

CWE-22

Miscellaneous

Verified

Yes

WPVDB ID

cad29b33-c515-4fb2-a327-5d1d71b57917

Timeline

Publicly Published

2014-08-01 (about 11 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2023-05-22

Title

Unite Gallery Lite < 1.7.60 - Admin+ Local File Inclusion

Published

2025-03-19

Title

Event Manager, Events Calendar, Tickets, Registrations – Eventin < 4.0.25 - Authenticated (Contributor+) Local File Inclusion

Published

2014-12-16

Title

DB Backup < 5.0 - Path Traversal File Access

Published

2018-04-06

Title

WP Background Takeover <= 4.1.4 - Directory Traversal

Published

2025-03-21

Title

Export and Import Users and Customers < 2.6.3 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function