Security Advisory

CVE-2017-11658

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-07-26 15:00:00

Last updated 2024-08-05 18:12:40

Assigner mitre

State PUBLISHED

Description

In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.

← Browse all CVEs View on cve.org ↗