CVE-2014-5181
NUCLEIlastfm-rotation_plugin 1.0 - Path Traversal via snode Parameter
Title source: llmExploitation Summary
CVE-2014-5181 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.
Nuclei Templates (1)
Last.fm Rotation 1.0 - Path Traversal
MEDIUMby DhiyaneshDK
References (1)
Core 1
Core References
Exploit x_refsource_misc
http://codevigilant.com/disclosure/wp-plugin-lastfm-rotation-local-file-inclusion
Scores
EPSS
0.0023
EPSS Percentile
46.4%
Details
CWE
CWE-22
Status
published
Products (1)
last.fm_rotation_plugin_project/lastfm-rotation_plugin
1.0
Published
Aug 06, 2014
Tracked Since
Feb 18, 2026