Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

CVE-2015-4617 (GCVE-0-2015-4617)

Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 06:18

Summary

Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory.

Severity

No CVSS data available.

CWE

Path traversal in easy2map-photos wordpress plugin v1.09

Assigner

larry_cashdollar

References

2 references

URL	Tags
https://wordpress.org/plugins/easy2map-photos	x_refsource_MISC
http://www.vapidlabs.com/advisory.php?v=130	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Steven Ellis	Easy2map-photos WordPress Plugin	Affected: 1.09

Date Public

2019-02-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:12.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/easy2map-photos"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vapidlabs.com/advisory.php?v=130"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Easy2map-photos WordPress Plugin",
          "vendor": "Steven Ellis",
          "versions": [
            {
              "status": "affected",
              "version": "1.09"
            }
          ]
        }
      ],
      "dateAssigned": "2015-06-08T00:00:00.000Z",
      "datePublic": "2019-02-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Path traversal in easy2map-photos wordpress plugin v1.09",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-15T20:57:01.000Z",
        "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "shortName": "larry_cashdollar"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/easy2map-photos"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vapidlabs.com/advisory.php?v=130"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "larry0@me.com",
          "DATE_ASSIGNED": "2015-06-08",
          "ID": "CVE-2015-4617",
          "REQUESTER": "cve-assign@mitre.org",
          "STATE": "PUBLIC",
          "UPDATED": "2019-02-13T10:41Z"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Easy2map-photos WordPress Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "1.09",
                            "version_value": "1.09"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Steven Ellis"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path traversal in easy2map-photos wordpress plugin v1.09"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/easy2map-photos",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/easy2map-photos"
            },
            {
              "name": "http://www.vapidlabs.com/advisory.php?v=130",
              "refsource": "MISC",
              "url": "http://www.vapidlabs.com/advisory.php?v=130"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
    "assignerShortName": "larry_cashdollar",
    "cveId": "CVE-2015-4617",
    "datePublished": "2019-02-15T21:00:00.000Z",
    "dateReserved": "2015-06-16T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:18:12.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4615 (GCVE-0-2015-4615)

Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 06:18

Summary

Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables

Severity

No CVSS data available.

CWE

SQL Injection in easy2map-photos wordpress plugin v1.09

Assigner

larry_cashdollar

References

2 references

URL	Tags
http://www.vapid.dhs.org/advisory.php?v=130	x_refsource_MISC
https://wordpress.org/plugins/easy2map-photos	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Steven Ellis	Easy2map-photos WordPress Plugin	Affected: 1.09

Date Public

2019-02-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:12.219Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vapid.dhs.org/advisory.php?v=130"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/easy2map-photos"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Easy2map-photos WordPress Plugin",
          "vendor": "Steven Ellis",
          "versions": [
            {
              "status": "affected",
              "version": "1.09"
            }
          ]
        }
      ],
      "dateAssigned": "2015-06-08T00:00:00.000Z",
      "datePublic": "2019-02-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection in easy2map-photos wordpress plugin v1.09",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-15T20:57:01.000Z",
        "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "shortName": "larry_cashdollar"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vapid.dhs.org/advisory.php?v=130"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/easy2map-photos"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "larry0@me.com",
          "DATE_ASSIGNED": "2015-06-08",
          "ID": "CVE-2015-4615",
          "REQUESTER": "cve-assign@mitre.org",
          "STATE": "PUBLIC",
          "UPDATED": "2019-02-13T10:41Z"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Easy2map-photos WordPress Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "1.09",
                            "version_value": "1.09"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Steven Ellis"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection in easy2map-photos wordpress plugin v1.09"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vapid.dhs.org/advisory.php?v=130",
              "refsource": "MISC",
              "url": "http://www.vapid.dhs.org/advisory.php?v=130"
            },
            {
              "name": "https://wordpress.org/plugins/easy2map-photos",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/easy2map-photos"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
    "assignerShortName": "larry_cashdollar",
    "cveId": "CVE-2015-4615",
    "datePublished": "2019-02-15T21:00:00.000Z",
    "dateReserved": "2015-06-16T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:18:12.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Find a vulnerability

Search criteria

2 vulnerabilities by Steven Ellis

CVE-2015-4617 (GCVE-0-2015-4617)

CVE-2015-4615 (GCVE-0-2015-4615)