cve/CVE-2023-1427.md at a8969e132322a214e7b78da5711159d6f891f0ab - cve - 临风笛

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49

2024-05-28 08:49:17 +00:00

862 B

Raw Blame History

CVE-2023-1427

Description

The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.

POC

Reference

https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946

Github

No PoCs found on GitHub currently.