CVE-2012-6652 Information

Description

Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://ceriksen.com/2012/07/10/wordpress-a-page-flip-book-plugin-local-file-inclusion-vulnerability/ https://wordpress.org/support/topic/pageflipbook-pageflipbook_language-parameter-local-file-inclusion/ https://www.openwall.com/lists/oss-security/2014/07/30/2 https://www.openwall.com/lists/oss-security/2014/07/31/8

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8