6 matches found
CVE-2016-20064 WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter
WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...
CVE-2016-20064
CVE-2016-20064 affects WP Vault 0.8.6.6, where an unauthenticated attacker can trigger a local file inclusion via an unescaped wpv-image GET parameter. The vulnerability allows traversal to access sensitive files (e.g., system configuration) due to improper handling in the include function. Accor...
WordPress Plugin WP Vault Local File Inclusion
Description: Type user access: any user. $GET“wpv-image” is not escaped in include file. File / Code: Path: /wp-content/plugins/wp-vault/trunk/wp-vault.php includedirnameFILE . "/images/" . $GET"wpv-image"; if isset$GET"wpvfileid" includedirnameFILE . "/wpv-file-handler.php"; exit; else if...
Wordpress Plugin WP Vault Local File Inclusion Vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . Wordpress plugin WP Vault '$GET"wpv-image"' there is a local file inclusion vulnerability. Allowing an attacker...
Wordpress WP Vault 0.8.6.6 Plugin - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: WP Vault 0.8.6.6 – Plugin WordPress – Local File Inclusion Date: 28/11/2016 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/wp-vault/ Software Link: https://wordpress.org/plugins/wp-vault/ Contact:...
WP Vault 0.8.6.6 - Unauthenticated Local File Inclusion (LFI)
The wp-vault WordPress plugin was affected by an Unauthenticated Local File Inclusion LFI security vulnerability...