WordPress Plugin Gallery – ‘filename_1’ Arbitrary File Access

• Exploit Database
• 16 阅读

• 作者： Beni_Vanda
  日期： 2013-01-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/38209/

• source: https://www.securityfocus.com/bid/57256/info
  
  The Gallery plugin for WordPress is prone to an arbitrary file-access vulnerability.
  
  Remote attackers can exploit this issue to read arbitrary files. This may lead to further attacks.
  
  Gallery 3.8.3 is vulnerable; other versions may also be affected.
  
  http://www.example.com/wp-content/plugins/gallery-plugin/gallery-plugin.php?filename_1=[AFR]