← back
CVE-2017-17058

CVE-2017-17058

CVSS 7.5 HIGHEPSS 23.7%CWE-22
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
public PoCs found4
githubgithub.com/fu2x2000/CVE-2017-17058-woo_exploit0cve_referencewww.exploit-db.com/exploits/43196/unverifiedcve_referencewww.exploit-db.com/ghdb/4613/unverifiedexploitdbwww.exploit-db.com/exploits/43196unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/woocommerce/woocommerce/issues/17964https://www.exploit-db.com/exploits/43196/https://www.exploit-db.com/ghdb/4613/