CVE-2016-20064

CVE-2016-20064 affects WP Vault 0.8.6.6, where an unauthenticated attacker can trigger a local file inclusion via an unescaped wpv-image GET parameter. The vulnerability allows traversal to access sensitive files (e.g., system configuration) due to improper handling in the include function. Accor...

CVE-2016-20064 WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

WordPress Plugin WP Vault Local File Inclusion

Description: Type user access: any user. $GET“wpv-image” is not escaped in include file. File / Code: Path: /wp-content/plugins/wp-vault/trunk/wp-vault.php includedirnameFILE . "/images/" . $GET"wpv-image"; if isset$GET"wpvfileid" includedirnameFILE . "/wpv-file-handler.php"; exit; else if...

Wordpress WP Vault 0.8.6.6 Plugin - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: WP Vault 0.8.6.6 – Plugin WordPress – Local File Inclusion Date: 28/11/2016 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/wp-vault/ Software Link: https://wordpress.org/plugins/wp-vault/ Contact:...

Wordpress Plugin WP Vault Local File Inclusion Vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . Wordpress plugin WP Vault '$GET"wpv-image"' there is a local file inclusion vulnerability. Allowing an attacker...

WP Vault 0.8.6.6 - Unauthenticated Local File Inclusion (LFI)

The wp-vault WordPress plugin was affected by an Unauthenticated Local File Inclusion LFI security vulnerability...