Published on October 11th, 2019 📆 | 1811 Views ⚑0
history-collection Plugin up to 1.1.1 on WordPress download.php var directory traversal
|CVSS Meta Temp Score||Current Exploit Price (≈)|
A vulnerability classified as critical has been found in history-collection Plugin up to 1.1.1 on WordPress (WordPress Plugin). Affected is an unknown code block of the file download.php. The manipulation of the argument
var as part of a Parameter leads to a directory traversal vulnerability. CWE is classifying the issue as CWE-22. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was released 10/10/2019. This vulnerability is traded as CVE-2015-9470 since 10/10/2019. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 10/10/2019).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.5
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Time: 🔒
10/10/2019 Advisory disclosed Check our Alexa App!
10/10/2019 +0 days VulDB entry created
10/10/2019 +0 days CVE assigned
10/10/2019 +0 days VulDB last update
CVE: CVE-2015-9470 (🔒)Created: 10/10/2019 09:37 PM
Check our Alexa App!