Description
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.
Remediation
References
Related Vulnerabilities
WordPress Plugin Menu Image Malware/Addware Notification (2.6.9)
Apache Tomcat WAR file directory traversal vulnerability
MySQL CVE-2021-2339 Vulnerability (CVE-2021-2339)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2009-1387)
WordPress Plugin jcwp youtube channel embed Cross-Site Scripting (1.5.2)