CVE-2017-20248

WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download

CVSS 8.7 HIGHEPSS 0.6%CWE-22

Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the intended directory.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Apptha · Apptha Slider Gallery

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/41568unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.apptha.com/https://www.exploit-db.com/exploits/41568 https://www.vulncheck.com/advisories/wordpress-plugin-apptha-slider-gallery-path-traversal-file-download