CVE-2014-4577
NUCLEIWP AmASIN - The Amazon Affiliate Shop < 0.9.6 - Path Traversal via reviews.php url Parameter
Title source: llmExploitation Summary
CVE-2014-4577 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.
Nuclei Templates (1)
WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion
MEDIUMby DhiyaneshDK
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://codevigilant.com/disclosure/wp-plugin-wp-amasin-the-amazon-affiliate-shop-local-file-inclusion
Vendor Advisory x_refsource_misc
http://plugins.svn.wordpress.org/wp-amasin-the-amazon-affiliate-shop/trunk/readme.txt
Scores
EPSS
0.0182
EPSS Percentile
83.4%
Details
CWE
CWE-22
Status
published
Products (1)
websupporter/wp_amasin_-_the_amazon_affiliate_shop
< 0.9.6
Published
Oct 21, 2014
Tracked Since
Feb 18, 2026