Short Name |
HTTP:PHP:WP-SLIDER-REV-AFD |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
WordPress Slider Revolution Responsive Plug-In Arbitrary File Download |
Release Date |
2014/09/01 |
Update Number |
2414 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit known flaws in the Slider Revolution Responsive WordPress plug-in. A successful attack could result in arbitrary files being downloaded from the server, including sensitive system files containing system configuration files, administrative credentials, and server databases.
Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.