cve/2016/CVE-2016-7169.md

CVE-2016-7169

Description

Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.

POC

Reference

• https://wpvulndb.com/vulnerabilities/8616

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/Afetter618/WordPress-PenTest
• https://github.com/harrystaley/CSCI4349_Week9_Honeypot
• https://github.com/harrystaley/TAMUSA_CSCI4349_Week9_Honeypot