CVE-2014-4940

NUCLEI

Tera Charts 0.1 - Path Traversal via fn Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-4940. PoCs published by Anant Shrivastava. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a local file inclusion vulnerability in the Tera Charts WordPress plugin. By manipulating the 'fn' parameter, an attacker can read arbitrary files on the server, such as '/etc/passwd'.

Description

Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Anant Shrivastava · textwebappsphp

https://www.exploit-db.com/exploits/39257

View Code ZIP pw:eip

This exploit demonstrates a local file inclusion vulnerability in the Tera Charts WordPress plugin. By manipulating the 'fn' parameter, an attacker can read arbitrary files on the server, such as '/etc/passwd'.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Tera Charts WordPress plugin 0.1

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Anant Shrivastava · textwebappsphp

https://www.exploit-db.com/exploits/39256

View Code ZIP pw:eip

This exploit demonstrates a local file inclusion (LFI) vulnerability in the Tera Charts WordPress plugin. The vulnerability allows an attacker to read arbitrary files on the server by manipulating the 'fn' parameter in the 'treemap.php' script.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Tera Charts WordPress plugin 0.1

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

WordPress Plugin Tera Charts - Local File Inclusion

MEDIUMby daffainfo

References (2)

Core 2

Core References

Exploit x_refsource_misc

http://codevigilant.com/disclosure/wp-plugin-tera-chart-local-file-inclusion/

Exploit, Patch x_refsource_confirm

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=851874%40tera-charts&old=799253%40tera-charts&sfp_email=&sfph_mail=

Scores

EPSS 0.4262

EPSS Percentile 97.6%

Details

CWE

CWE-22

Status published

Products (1)

tera_charts_plugin_project/tera-charts 0.1

Published Jul 11, 2014

Tracked Since Feb 18, 2026