The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference.
References
Link | Resource |
---|---|
https://vagmour.eu/cve-2015-6668-cv-filename-disclosure-on-job-manager-wordpress-plugin/ | Exploit Technical Description Third Party Advisory |
https://wpvulndb.com/vulnerabilities/8167 | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-10-19T21:00:00
Updated: 2017-10-19T20:57:01
Reserved: 2015-08-24T00:00:00
Link: CVE-2015-6668
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-10-19T21:29:00.407
Modified: 2017-11-07T13:05:12.963
Link: CVE-2015-6668
JSON object: View
Redhat Information
No data.
CWE