WordPress Crayon Syntax Highlighter Arbitrary File leakage Vulnerability
Release date:
Updated on:
Affected Systems:
WordPress Crayon Syntax Highlighter <= 2.6.10
Description:
Crayon Syntax Highlighter is a syntax-highlighting plug-in for WordPress built with PHP and jQuery.
The WordPress Crayon Syntax Highlighter plug-in has an information leakage vulnerability that remote attackers can exploit to obtain sensitive information. Because the value of the "data-url" parameter in comments and posts is not correctly validated, a remote attacker can obtain the content of any local file by using directory traversal sequences. Successful exploitation requires that the "Allows Crayons inside comments" option be enabled.
<* Source: Kévin Subileau *>
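As an added example (not code from the plug-in or from the original advisory), the following Python audit extracts every "data-url" value from stored comment or post HTML and flags values that decode to a directory traversal sequence or are not plain http(s) URLs. The `<pre>` wrapper, the comment IDs, the sample values and the http(s)-only policy are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

def data_url_risk(value):
    """Return why a data-url value is suspicious, or None if it looks benign."""
    decoded = value
    for _ in range(3):  # peel nested percent-encoding, e.g. %252e -> %2e -> "."
        decoded = unquote(decoded)
    decoded = decoded.strip().replace("\\", "/")  # treat Windows separators alike
    parts = urlsplit(decoded)
    if ".." in parts.path.split("/"):
        return "traversal sequence"
    # Assumed policy: user-submitted content may only reference http(s) URLs.
    if parts.scheme.lower() not in ("http", "https"):
        return "not an http(s) URL"
    return None

class DataUrlCollector(HTMLParser):
    """Collects the value of every data-url attribute, whatever the tag."""
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        self.values += [v for name, v in attrs if name == "data-url" and v]

def audit(comments):
    """Map comment id -> [(raw value, reason)] for comments with risky values."""
    findings = {}
    for comment_id, html in comments.items():
        collector = DataUrlCollector()
        collector.feed(html)
        collector.close()
        risky = [(v, data_url_risk(v)) for v in collector.values if data_url_risk(v)]
        if risky:
            findings[comment_id] = risky
    return findings

# Constructed sample rows (id -> stored HTML); not taken from a real site.
SAMPLE_COMMENTS = {
    101: '<pre data-url="https://example.com/snippets/hello.py"></pre>',
    102: '<pre data-url="../../secret.txt"></pre>',
    103: '<pre data-url="%252e%252e%252fsecret.txt"></pre>',
    104: '<pre data-url="file:///srv/app/secret.txt"></pre>',
}

if __name__ == "__main__":
    for comment_id, hits in audit(SAMPLE_COMMENTS).items():
        print(comment_id, hits)
```

Flagged rows are candidates for manual review; a hit does not by itself show that a file was disclosed.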
Suggestion:
Vendor patch:
WordPress
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://wordpress.org/plugins/crayon-syntax-highlighter/changelog/
http://www.kevinsubileau.fr/informatique/hacking-securite/crayon-syntax-highlighter-local-file-disclosure-vulnerability.html