CVE-2012-3588
Plugin Newsletter plugin 1.5 - Path Traversal via Data Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-3588. PoCs published by Sammy FORGIT.
AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in the WordPress Plugin Newsletter (version 1.5), allowing unauthorized access to sensitive files like wp-config.php or /etc/passwd via the 'data' parameter in preview.php.
Description
Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter.
Exploits (1)
This exploit demonstrates a directory traversal vulnerability in the WordPress Plugin Newsletter (version 1.5), allowing unauthorized access to sensitive files like wp-config.php or /etc/passwd via the 'data' parameter in preview.php.