CVE-2014-2674

{"id": "CVE-2014-2674", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-03-19T21:29:00.487", "references": [{"url": "https://security.dxw.com/advisories/end-user-exploitable-local-file-inclusion-vulnerability-in-ajax-pagination-twitter-style-1-1/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.dxw.com/advisories/end-user-exploitable-local-file-inclusion-vulnerability-in-ajax-pagination-twitter-style-1-1/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el plugin Ajax Pagination (twitter Style) 1.1 para WordPress permite que atacantes remotos lean archivos arbitrarios mediante un \"..\" (punto punto) en el par\u00e1metro loop en una acci\u00f3n ajax_navigation en wp-admin/admin-ajax.php."}], "lastModified": "2024-11-21T02:06:46.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ajax-pagination_project:ajax-pagination:1.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A53E98EA-A0BE-4798-A32A-A404BA0320D7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}