Description
Acunetix uploaded a ZIP file containing a symlink to /etc/passwd. It looks like the web application processed this file and returned the contents of /etc/passwd in the response.
Remediation
The web application should filter symlinks included inside ZIP files.
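One way to implement this filter, as an added example that is not part of the original advisory: it inspects the Unix mode bits stored in each ZIP entry and rejects the whole archive if any entry is a symlink. The function names, the sample file names and the in-memory test archive are assumptions constructed for illustration.

```python
import io
import stat
import zipfile


def symlink_entries(zip_bytes):
    """Return names of archive members whose Unix mode marks them as symlinks."""
    found = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Archivers on Unix store st_mode in the high 16 bits of external_attr.
            mode = info.external_attr >> 16
            if stat.S_ISLNK(mode):
                found.append(info.filename)
    return found


def read_regular_members(zip_bytes):
    """Return {name: content}, refusing the archive if any symlink is present."""
    links = symlink_entries(zip_bytes)
    if links:
        raise ValueError("archive rejected, symlink entries: " + ", ".join(links))
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: zf.read(i) for i in zf.infolist() if not i.is_dir()}


def build_sample(with_symlink):
    """Constructed test archive: one text file, optionally one symlink entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        if with_symlink:
            link = zipfile.ZipInfo("avatar.png")  # hypothetical upload name
            link.create_system = 3  # 3 = Unix
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "/etc/passwd")  # link target is stored as entry data
    return buf.getvalue()


if __name__ == "__main__":
    print(symlink_entries(build_sample(True)))
    print(read_regular_members(build_sample(False)))
```

Run the check before the archive is handed to any extractor that recreates links on disk.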