CVE-2013-0724
Published May 27, 2014
Last updated 7 years ago
Overview
- Description
- PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter.
- Source
- PSIRT-CNA@flexerasoftware.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-94
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpshopstyling:wp-ecommerce-shop-styling:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "1DC3F42D-BB0B-46AA-B289-BCA01191B114",
"versionEndIncluding": "1.7"
},
{
"criteria": "cpe:2.3:a:wpshopstyling:wp-ecommerce-shop-styling:1.0:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "09536AA3-F8AD-4F7D-8E22-B0690F3846FB"
},
{
"criteria": "cpe:2.3:a:wpshopstyling:wp-ecommerce-shop-styling:1.2:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "3DC12CE4-9CB5-4B38-BB7B-E8A023880DA7"
},
{
"criteria": "cpe:2.3:a:wpshopstyling:wp-ecommerce-shop-styling:1.3:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "7FF09860-E1ED-401B-9FCB-DAC8345AFE86"
},
{
"criteria": "cpe:2.3:a:wpshopstyling:wp-ecommerce-shop-styling:1.4:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "3AD98E98-0307-425E-8493-92689F92D890"
},
{
"criteria": "cpe:2.3:a:wpshopstyling:wp-ecommerce-shop-styling:1.5:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "510B14C9-E657-4F02-BD81-155DE49A584E"
},
{
"criteria": "cpe:2.3:a:wpshopstyling:wp-ecommerce-shop-styling:1.6:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "311A521B-E080-4A65-9F1C-D473AE317979"
}
],
"operator": "OR"
}
]
}
]