CVE-2015-4616

easy2map < 1.2.4 - Unauthenticated Path Traversal and Arbitrary File Write via MapPinImageSave.php map_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4616. PoCs published by Larry W. Cashdollar.

AI-analyzed exploit summary: The exploit demonstrates SQL injection and directory traversal vulnerabilities in the easy2map WordPress plugin v1.24. It uses sqlmap to exploit unsanitized input in the 'mapID' and 'mapName' parameters, and highlights a path traversal issue in MapPinImageSave.php.

Description

Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter.

Exploits (1)

exploitdb · WORKING POC
by Larry W. Cashdollar · text · webapps · php
https://www.exploit-db.com/exploits/37534


Classification: Working PoC (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: easy2map WordPress plugin v1.24
Auth required
Prerequisites: WordPress installation with easy2map plugin v1.24 · Valid admin session cookie
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37534/
Various Sources x_refsource_misc
http://www.vapid.dhs.org/advisory.php?v=131
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jul/18
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535922/100/0/threaded

Scores

EPSS 0.1050
EPSS Percentile 95.2%

Details

CWE: CWE-22
Status: published
Products (1): easy2map_project/easy2map < 1.2.4
Published: Jul 08, 2015
Tracked Since: Feb 18, 2026