CVE-2014-8585

Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
w3edendownload_manager
1.1
w3edendownload_manager
1.2
w3edendownload_manager
1.2.1
w3edendownload_manager
1.2.2
w3edendownload_manager
1.2.3
w3edendownload_manager
1.2.4
w3edendownload_manager
1.2.5
w3edendownload_manager
1.3
w3edendownload_manager
1.4
w3edendownload_manager
1.5
w3edendownload_manager
1.5.1
w3edendownload_manager
1.5.2
w3edendownload_manager
1.5.3
w3edendownload_manager
1.5.9
w3edendownload_manager
1.5.32
w3edendownload_manager
1.5.33
w3edendownload_manager
2.0.1
w3edendownload_manager
2.0.2
w3edendownload_manager
2.0.3
w3edendownload_manager
2.0.4
w3edendownload_manager
2.0.5
w3edendownload_manager
2.0.6
w3edendownload_manager
2.0.7
w3edendownload_manager
2.0.8
w3edendownload_manager
2.0.9
w3edendownload_manager
2.0.10
w3edendownload_manager
2.0.11
w3edendownload_manager
2.0.12
w3edendownload_manager
2.0.13
w3edendownload_manager
2.0.14
w3edendownload_manager
2.0.15
w3edendownload_manager
2.0.16
w3edendownload_manager
2.0.17
w3edendownload_manager
2.0.18
w3edendownload_manager
2.0.19
w3edendownload_manager
2.1.0
w3edendownload_manager
2.1.1
w3edendownload_manager
2.1.2
w3edendownload_manager
2.1.3
w3edendownload_manager
2.2.0
w3edendownload_manager
2.2.1
w3edendownload_manager
2.2.2
w3edendownload_manager
2.2.3
w3edendownload_manager
2.2.4
w3edendownload_manager
2.2.5
w3edendownload_manager
2.2.6
w3edendownload_manager
2.2.7
w3edendownload_manager
2.2.8
w3edendownload_manager
2.2.9
w3edendownload_manager
2.3.0
w3edendownload_manager
2.3.1
w3edendownload_manager
2.3.2
w3edendownload_manager
2.3.3
w3edendownload_manager
2.3.4
w3edendownload_manager
2.3.5
w3edendownload_manager
2.3.6
w3edendownload_manager
2.3.7
w3edendownload_manager
2.3.8
w3edendownload_manager
2.3.9
w3edendownload_manager
2.4.0
w3edendownload_manager
2.4.1
w3edendownload_manager
2.4.2
w3edendownload_manager
2.4.3
w3edendownload_manager
2.4.4
w3edendownload_manager
2.4.5
w3edendownload_manager
2.4.6
w3edendownload_manager
2.4.7
w3edendownload_manager
2.4.8
w3edendownload_manager
2.4.9
w3edendownload_manager
2.5.0
w3edendownload_manager
2.5.1
w3edendownload_manager
2.5.2
w3edendownload_manager
2.5.3
w3edendownload_manager
2.5.4
w3edendownload_manager
2.5.5
w3edendownload_manager
2.5.6
w3edendownload_manager
2.5.7
w3edendownload_manager
2.5.8
w3edendownload_manager
2.5.9
w3edendownload_manager
2.5.91
w3edendownload_manager
2.5.92
w3edendownload_manager
2.5.93
w3edendownload_manager
2.5.94
w3edendownload_manager
2.5.95
w3edendownload_manager
2.5.96
w3edendownload_manager
2.5.97
w3edendownload_manager
2.5.98
w3edendownload_manager
2.5.99
w3edendownload_manager
2.6.0
w3edendownload_manager
2.6.1
w3edendownload_manager
2.6.2
w3edendownload_manager
2.6.3
w3edendownload_manager
2.6.4
w3edendownload_manager
2.6.5
w3edendownload_manager
2.6.6
w3edendownload_manager
2.6.7
w3edendownload_manager
2.6.8
w3edendownload_manager
2.6.9
w3edendownload_manager
2.6.91
w3edendownload_manager
2.6.92
w3edendownload_manager
2.6.93
w3edendownload_manager
2.6.94
w3edendownload_manager
2.6.95
w3edendownload_manager
2.6.96
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/128852/WordPress-Download-Manager-Arbitrary-File-Download.html
http://www.securityfocus.com/bid/70764
https://exchange.xforce.ibmcloud.com/vulnerabilities/98318
http://packetstormsecurity.com/files/128852/WordPress-Download-Manager-Arbitrary-File-Download.html
http://www.securityfocus.com/bid/70764
https://exchange.xforce.ibmcloud.com/vulnerabilities/98318