CVE-2014-5368
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.4827 (48.3%)
Percentil: 97.8%
EPSS: 2026-05-06
Afecta
wp_content_source_control_project:wp_content_source_controlDescripción técnica
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
Publicada: 22/8/2014, 14:55:09
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://seclists.org/oss-sec/2014/q3/407
- http://seclists.org/oss-sec/2014/q3/417
- http://www.securityfocus.com/bid/69278
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95374
- http://seclists.org/oss-sec/2014/q3/407
- http://seclists.org/oss-sec/2014/q3/417
- http://www.securityfocus.com/bid/69278
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95374