CVE-2017-1000170

HIGH EXPLOITED NUCLEI

jqueryFileTree <2.1.5 - Path Traversal

Title source: llm

Exploitation Summary

CVE-2017-1000170 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits, from researchers Nicholas Ferreira and Nickguitar. A Nuclei detection template is also available.

Description

jqueryFileTree 2.1.5 and older Directory Traversal

Exploits (2)

exploitdb · WORKING POC
by Nicholas Ferreira · php · webapps · php
https://www.exploit-db.com/exploits/49693

This exploit demonstrates a path traversal vulnerability in the WordPress Plugin Delightful Downloads Jquery File Tree (version <=1.6.6). It sends a POST request with a manipulated 'dir' parameter to traverse directories and access sensitive files.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin Delightful Downloads Jquery File Tree <=1.6.6
No auth needed
Prerequisites: Target must have the vulnerable plugin installed and accessible
devstral-2 · analyzed Feb 16, 2026

nomisec · WORKING POC · 4 stars
by Nickguitar · infoleak
https://github.com/Nickguitar/Jquery-File-Tree-1.6.6-Path-Traversal

This repository contains a functional exploit for CVE-2017-1000170, a path traversal vulnerability in jQuery File Tree versions <1.6.6. The exploit allows an attacker to list readable files and directories on the server by sending crafted requests to the vulnerable endpoint.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: jQuery File Tree <1.6.6
No auth needed
Prerequisites: Target must have the vulnerable jQuery File Tree plugin installed and accessible
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
HIGH · by dwisiswant0

References (2)

Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/jqueryfiletree/jqueryfiletree/issues/66

Scores

CVSS v3 7.5
EPSS 0.5761
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV: 2024-01-03
CWE: CWE-22
Status: published
Products (2):
jqueryfiletree_project/jqueryfiletree < 2.1.5
npm/jqueryfiletree 0npm
Published: Nov 17, 2017
Tracked Since: Feb 18, 2026