CVE-2016-20081

WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download

CVSS 8.7 HIGHEPSS 0.6%CWE-22

WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to access sensitive files like wp-config.php outside the intended gallery directory.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Husain · HB Audio Gallery Lite

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/39589unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fr.wordpress.org/plugins/hb-audio-gallery-lite/https://www.exploit-db.com/exploits/39589 https://www.vulncheck.com/advisories/wordpress-plugin-hb-audio-gallery-lite-path-traversal-file-download