CVE-2014-5187 PoC — WordPress Tom M8te Plugin Directory Traversal Vulnerability

Associated Vulnerability
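Title: WordPress Tom M8te Plugin Directory Traversal Vulnerability (CVE-2014-5187)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation; it supports setting up personal blog sites on servers running PHP and MySQL. Tom M8te (tom-m8te) is a WordPress plugin that serves as a framework for developing plugins or themes. Version 1.5.3 of the Tom M8te (tom-m8te) plugin for WordPress contains a directory traversal vulnerability, which stems from the tom-download-file.php script not sufficiently filtering the 'file' parameter. A remote attacker can exploit this vulnerability to read arbitrary files.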
Description
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.
File Snapshot

id: CVE-2014-5187 info: name: Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal author: Dh ...