Summary
This host has the WordPress NextGEN Gallery Plugin installed and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow remote attackers to read arbitrary file details on the target system.
Impact Level: Application
Solution
Upgrade to WordPress NextGEN Gallery version 2.0.7 or later. For updates, refer to http://wordpress.org/plugins/nextgen-gallery
Insight
The flaw is due to the 'jquery.filetree/connectors/jqueryFileTree.php' script not properly sanitizing user input, specifically absolute paths passed via 'file' POST parameters.
Affected
WordPress NextGEN Gallery Plugin version 2.0.0. Other versions may also be affected.
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the local directory list.