Secunia
| Secunia | WordPress Google Maps Via Store Locator Plus Plugin Path Disclosure and SQL Injection |
|---|---|
|
11th Jun, 2012 22:09 |
|
Ranking: 0 Posts: 0 User Since: - System Score: - Location: Copenhagen, DK |
A weakness and a vulnerability have been discovered in the Google Maps Via Store Locator Plus plugin for WordPress, which can be exploited by malicious people to disclose system information and conduct SQL injection attacks.

1) An error exists due to the application displaying the installation path in debug output when accessing wp-content/plugins/store-locator-le/core/load_wp_c

2) Input passed via the "query" parameter to /wp-content/plugins/store-locator-le/downloadcsv.p

The weakness and vulnerability are confirmed in version 3.0.1. Other versions may also be affected.
| cybersprocket | RE: WordPress Google Maps Via Store Locator Plus Plugin Path Disclosure and SQL Injection |
|
11th Jun, 2012 22:09 |
| Score: 0 Posts: 1 User Since: 11th Jun 2012 System Score: N/A Location: US Last edited on 11th Jun, 2012 22:09 |
We are working on a patch for these issues. Version 3.05 will be out shortly (later this evening) with both security issues addressed.

Thanks for the report.

Cyber Sprocket Labs LLC
"Silicon Harbor"
Charleston SC USA
www.cybersprocket.com