WordPress Cimy User Manager Plugin Arbitrary File Disclosure Vulnerability

The Cimy User Manager Plugin for WordPress is prone to an arbitrary file-disclosure vulnerability because it fails to properly sanitize user-supplied input.

A remote attacker can use directory-traversal sequences to retrieve arbitrary files in the context of the affected application.

Cimy User Manager 1.4.1 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus