CVE-2016-20078

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion (LFI) vulnerability in pic.php that allows unauthenticated attackers to read arbitrary files via directory traversal in the URL. The impact includes potential exposure of sensitive data such as wp-config.php. CVSS metrics present...