CVE-2012-6652

CRITICAL

Page Flip Book - Path Traversal via pageflipbook_language Parameter

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.

References (4)

Core 4
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2014/07/30/2
Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2014/07/31/8

Scores

CVSS v3 9.8
EPSS 0.0442
EPSS Percentile 90.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
page_flip_book_project/page_flip_book
Published May 13, 2019
Tracked Since Feb 18, 2026