Lucene search
HistoryApr 17, 2023 - 1:15 p.m.
CVE-2023-1427
cve-2023-1427
photo gallery
10web
wordpress
plugin
path traversal
nvd
security vulnerability
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
23.6%
- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.
Affected configurations
Node
10webphoto_galleryRange<1.8.15
| Vendor | Product | Version | CPE |
|---|---|---|---|
| 10web | photo_gallery | * | cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Photo Gallery by 10Web",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.8.15"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal
2023-03-27 00:00:00
prion
prion
Path traversal
2023-04-17 13:15:00
cvelist
cvelist
CVE-2023-1427 Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal
2023-04-17 12:17:41
openvas
openvas
WordPress Photo Gallery Plugin < 1.8.15 Path Traversal Vulnerability
2023-04-18 00:00:00
wpexploit
wpexploit
Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal
2023-03-27 00:00:00
nvd
nvd
CVE-2023-1427
2023-04-17 13:15:38
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
23.6%
Related for CVE-2023-1427