Strike ID: E19-0zyy1
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
False Positive: t
Variants: 1
Year: 2019

Description

This strike exploits a local file inclusion vulnerability in the WordPress plugin Anti-Malware and Brute-Force Firewall 4.18.63. The vulnerability is due to improper sanitization of the base64-encoded GOTMLS scan parameter. By successfully exploiting this vulnerability, an authenticated attacker could retrieve arbitrary files from the target server.
