Description
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.
Remediation
References
Related Vulnerabilities
Apache version older than 1.3.34
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.05)
WordPress Plugin Price Commander for WooCommerce Security Bypass (1.2.2)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2947)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4301)