WordPress Plugin Simple Gmail Login - Stack Trace Information Disclosure

EDB-ID:

38111




Platform:

PHP

Date:

2012-12-07


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/56860/info

The Simple Gmail Login plugin for Wordpress is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Simple Gmail Login 1.1.3 and prior are vulnerable.

Fatal error: Uncaught exception 'Exception' with message
'DateTimeZone::__construct() [<a
href='datetimezone.--construct'>datetimezone.--construct</a>]: Unknown or bad timezone ()' in
C:\xampp\htdocs\wordpress\wp-content\plugins\simple-gmail-login\simple-gmail-login.php:229
Stack trace: #0
C:\xampp\htdocs\wordpress\wp-content\plugins\simple-gmail-login\simple-gmail-login.php(229): 
DateTimeZone->__construct('') #1
C:\xampp\htdocs\wordpress\wp-content\plugins\simple-gmail-login\simple-gmail-login.php(210): 
SimpleGmail_Plugin->log('Plugin activate...', false) #2 [internal
function]: SimpleGmail_Plugin->activate('') #3
C:\xampp\htdocs\wordpress\wp-includes\plugin.php(403): 
call_user_func_array(Array, Array) #4
C:\xampp\htdocs\wordpress\wp-admin\plugins.php(157): 
do_action('activate_simple...') #5 {main} thrown in C:\xampp\htdocs\wordpress\wp-content\plugins\simple-gmail-login\simple-gmail-login.php
on line 229