CVE-2012-4920

Zingiri Forum <1.4.4 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php.

References (4)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50833
Patch, Vendor Advisory x_refsource_confirm
http://wordpress.org/plugins/zingiri-forum/changelog
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/89069
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/81156

Scores

EPSS 0.0320
EPSS Percentile 86.6%

Details

CWE
CWE-22
Status published
Products (20)
zingiri/forums 1.0.0
zingiri/forums 1.0.1
zingiri/forums 1.0.2
zingiri/forums 1.0.3
zingiri/forums 1.0.4
zingiri/forums 1.0.5
zingiri/forums 1.0.6
zingiri/forums 1.0.7
zingiri/forums 1.0.8
zingiri/forums 1.0.9
... and 10 more
Published Apr 04, 2014
Tracked Since Feb 18, 2026