Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Does WC have a directory transversal vulnerability? #17964

Closed
dsmithweb opened this issue Nov 30, 2017 · 4 comments
Closed

Does WC have a directory transversal vulnerability? #17964

dsmithweb opened this issue Nov 30, 2017 · 4 comments
Labels
status: can't reproduce Issues that can't be reproduced.

Comments

@dsmithweb
Copy link
Contributor

Hi there!

A user brings this to our attention: https://nvd.nist.gov/vuln/detail/CVE-2017-17058

The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory.

Allegedly, "When you dork with this,it will generate juciy information in parent
directory , for best practice filter according to the country
."

@claudiosanches
Copy link
Contributor

claudiosanches commented Nov 30, 2017

This "CVE-2017-17058" is very vague, and looking for the code, it's not possible a Directory Traversal Attack, since we stop all direct access in all template files with:

if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

So that report sounds like a false positive.

@claudiosanches claudiosanches added the status: can't reproduce Issues that can't be reproduced. label Nov 30, 2017
@attritionorg
Copy link

The VulnDB team at RBS determined this was an inaccurate report just before this ticket as well.

@fu2x2000
Copy link

fu2x2000 commented Jan 1, 2018

i think plugin should have sanitized ACL level then wouldn't do much , how ever its not false positive , footprinting takes major part in attacks.

@claudiosanches
Copy link
Contributor

@fu2x2000 you can do it on your server side instead of waiting for all plugins doing it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status: can't reproduce Issues that can't be reproduced.
Projects
None yet
Development

No branches or pull requests

4 participants