Back to search
CVE-2015-4153
Published: Jun 10, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
GLSA-201512-10
vendor-advisory
x_refsource_GENTOO
37200
exploit
x_refsource_EXPLOIT-DB
https://wordpress.org/plugins/zm-ajax-login-register/changelog/
x_refsource_CONFIRM
20150604 CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion]
mailing-list
x_refsource_BUGTRAQ
75041
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now