Description

WordPress Plugin Page Flip Image Gallery is prone to a remote file disclosure vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Page Flip Image Gallery versions 0.2.2 and below are vulnerable.

Remediation

Update to the latest version

References

http://www.exploit-db.com/exploits/7543/

http://packetstormsecurity.com/files/view/73347/wppageflip-disclose.txt

http://secunia.com/advisories/33274/

Related Vulnerabilities

WordPress Incorrect Default Permissions Vulnerability (CVE-2011-1762)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-18469)

XWiki Files or Directories Accessible to External Parties Vulnerability (CVE-2022-23621)

Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-39582)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.31)

Severity

High

Classification

CVE-2008-5752 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure