ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Lytebox Plugin 1.3 - Local File Inclusion

Product
Lytebox
Description
WP-Lytebox fails to properly sanitize user-supplied input, therefore it allows an attacker to include a file. An attacker can view files and execute scripts.
Solution
Upgrade to version 1.3.1 or later.
Classification
Type Local File Inclusion
References
Exploit-DB
CVE
Name CVE-2009-4672
Versions
Affected In <= 1.3
Fixed In 1.3.1
Disclosure date
2009-05-26
Credits
TurkGuvenligi