NVD

Id
26624  
Name
CVE-2015-5482  
Description
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2015-08-18  
Modified Date
2016-12-21  
Seq
2015-5482  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
140880 26624 CVE-2015-5482 https://packetstormsecurity.com/files/132656/wpgdbbpress-lfi.txt  View
140881 26624 CVE-2015-5482 https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allows-attackers-to-include-arbitrary-php-files/  View
140882 26624 CVE-2015-5482 https://wordpress.org/plugins/gd-bbpress-attachments/changelog/  View
140883 26624 CVE-2015-5482 https://wpvulndb.com/vulnerabilities/8087  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
9005 JVNDB-2015-004325 WordPress 用 GD bbPress Attachments プラグインにおけるディレクトリトラバーサルの脆弱性 WordPress 用 GD bbPress Attachments プラグインには、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2015-5482 82707 CVE-2015-5482 26624 4 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-004325.html 2015-07-09 2015-08-24 View