What is CVE-2012-4915?

CVE-2012-4915 is a vulnerability in Davistribe Google_doc_embedder, classified under Path Traversal. Published 2014-05-29.

Is CVE-2012-4915 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Davistribe Google_doc_embedder

CVE-2012-4915

Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.774 (99.0th percentile) — read the EPSS interpretation.

Affected products

Davistribe Google_doc_embedder — versions 2.0, 2.1, 2.2
Wordpress
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

57133 (vdb-entry, x_refsource_BID)
googledocembedder-pdf-file-disclosure(80930) (vdb-entry, x_refsource_XF)
88891 (x_refsource_OSVDB, vdb-entry)
50832 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2012-4915?: CVE-2012-4915 is a vulnerability in Davistribe Google_doc_embedder, classified under Path Traversal. Published 2014-05-29.
Is CVE-2012-4915 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.