WordPress Plugin Gallery - 'filename_1' Arbitrary File Access

EDB-ID:

38209

CVE:





Platform:

PHP

Date:

2013-01-10


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/57256/info

The Gallery plugin for WordPress is prone to an arbitrary file-access vulnerability.

Remote attackers can exploit this issue to read arbitrary files. This may lead to further attacks.

Gallery 3.8.3 is vulnerable; other versions may also be affected.

http://www.example.com/wp-content/plugins/gallery-plugin/gallery-plugin.php?filename_1=[AFR]