cve/2023/CVE-2023-1427.md

### [CVE-2023-1427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1427)
![](https://img.shields.io/static/v1?label=Product&message=Photo%20Gallery%20by%2010Web&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.8.15%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)

### Description

- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.

### POC

#### Reference
- https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`### [CVE-2023-1427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1427)`
			`![](https://img.shields.io/static/v1?label=Product&message=Photo%20Gallery%20by%2010Web&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.8.15%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)`

			`### Description`

			`- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946`

			`#### Github`
			`No PoCs found on GitHub currently.`