Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Plugin Tera Charts Multiple Local File Inclusion Vulnerabilities (0.1) - Vulnerability Database

WordPress Plugin Tera Charts Multiple Local File Inclusion Vulnerabilities (0.1)

Description

WordPress Plugin Tera Charts is prone to multiple local file inclusion vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Tera Charts version 0.1 is vulnerable.

Remediation

Update to plugin version 1.0 or latest

References

https://codevigilant.com/disclosure/wp-plugin-tera-chart-local-file-inclusion/
http://www.securityfocus.com/bid/68662/exploit

Related Vulnerabilities

WordPress Plugin Spellchecker 'general.php' Local and Remote File Include Vulnerabilities (3.1) High
Common tags: Missing Update File Inclusion
WordPress Plugin Easy Digital Downloads-Recent Purchases Remote File Inclusion (1.0.2) High
Common tags: Missing Update File Inclusion
WordPress Plugin Ruben Boelinger WP-Table 'wpPATH' Parameter Multiple Remote File Include Vulnerabilities (1.43) High
Common tags: Missing Update File Inclusion
WordPress Plugin Ruben Boelinger wordTube 'wpPATH' Parameter Multiple Remote File Include Vulnerabilities (1.43) High
Common tags: Missing Update File Inclusion
WordPress Plugin myFlash Remote File Include (1.10) High
Common tags: Missing Update File Inclusion

Severity

High

Classification

CVE-2014-4940
CWE-22
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update
File Inclusion