CVE-2019-1010257

Public Exploit

Description

An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension.

References

Link	Tags
https://wordpress.org/support/topic/pdf-download-path-improperly-sanitised/	third party advisory
https://seclists.org/bugtraq/2019/Mar/49	issue tracking mailing list exploit third party advisory
https://packetstormsecurity.com/files/152236/WordPress-article2pdf-0.24-DoS-File-Deletion-Disclosure.html	exploit vdb entry third party advisory
https://wpvulndb.com/vulnerabilities/9246	third party advisory

Frequently Asked Questions

What is the severity of CVE-2019-1010257?: CVE-2019-1010257 has been scored as a critical severity vulnerability.
How to fix CVE-2019-1010257?: To fix CVE-2019-1010257, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-1010257 being actively exploited in the wild?: It is possible that CVE-2019-1010257 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~5% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-1010257?: CVE-2019-1010257 affects article2pdf article2pdf Wordpress plug-in.

Description

Category

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions