ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WPTF Image Gallery Plugin 1.0.3 - Aribtrary File Download

Product
WPTF Image Gallery
Description
WPTF Image Gallery plugin is prone to an arbitrary file download vulnerability via "/wptf-image-gallery/lib-mbox/ajax_load.php ". It allows an attacker to download arbitrary files from the web server and get potentially sensitive information.
Solution
Upgrade the plugin.
Classification
Type Local File Inclusion
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.0.3
Fixed In 1.0.4
Disclosure date
2015-08-10
Credits
Larry W. Cashdollar