List:       oss-security
Subject:    [oss-security] Re: CVE request: WordPress plugin wppageflip index.php pageflipbook_language paramete
From:       cve-assign () mitre ! org
Date:       2014-07-31 15:45:09
Message-ID: 20140731154509.2B8ED6C0262 () smtpvmsrv1 ! mitre ! org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Can I get 2012 CVE for following vulnerability in A Page Flip Book plugin for
> WordPress (wppageflip)
> 
> http://wordpress.org/support/topic/pageflipbook-pageflipbook_language-parameter-local-file-inclusion
> http://ceriksen.com/2012/07/10/wordpress-a-page-flip-book-plugin-local-file-inclusion-vulnerability/
> 
> input passed to the wp-content/plugins/wppageflip/pageflipbook.php script from
> index.php is not properly sanitizing user input, specifically directory
> traversal style attacks (e.g., ../../) supplied to the 'pageflipbook_language'
> parameter

The wording seems a bit garbled ("is not properly sanitizing user input" should
probably be "is not properly sanitized") but it's fairly obvious what is meant.

Use CVE-2012-6652.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
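
A defender-side check for the issue described in the request, added here as an example (not code from the plugin, the linked advisory, or MITRE): it scans web access logs for `pageflipbook_language` values that carry traversal sequences, including repeated percent-encoding. The combined log format, delivery of the parameter in the query string, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

PARAM = "pageflipbook_language"  # parameter named in the CVE request
# Request target inside a combined-log-format line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate language selector is a plain file-name token.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?$")

SAMPLE_LOG = [  # constructed lines, not taken from any real server
    '192.0.2.10 - - [10/Jul/2012:10:00:01 +0000] "GET /index.php?pageflipbook_language=english HTTP/1.1" 200 5120',
    '192.0.2.66 - - [10/Jul/2012:10:00:07 +0000] "GET /index.php?pageflipbook_language=../../example HTTP/1.1" 200 812',
    '192.0.2.66 - - [10/Jul/2012:10:00:09 +0000] "GET /index.php?pageflipbook_language=%252e%252e%252f%252e%252e%252fexample HTTP/1.1" 200 812',
    '192.0.2.10 - - [10/Jul/2012:10:00:12 +0000] "GET /wp-login.php HTTP/1.1" 200 2301',
    '192.0.2.66 - - [10/Jul/2012:10:00:15 +0000] "GET /index.php?pageflipbook_language=..%5C..%5Cexample HTTP/1.1" 200 812',
]

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return a reason string if the value looks like a path, else None."""
    v = fully_decode(value).replace("\\", "/")
    if "\x00" in v:
        return "null-byte"
    if ".." in v.split("/"):
        return "traversal"
    if v.startswith("/") or re.match(r"^[A-Za-z]:", v):
        return "absolute-path"
    return None if SAFE_VALUE.match(v) else "unexpected-chars"

def scan(lines):
    """Return (line_number, reason, decoded_value) for each suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        for value in params.get(PARAM, []):
            reason = classify(value)
            if reason:
                findings.append((n, reason, fully_decode(value)))
    return findings
```
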