CVE-2017-20250

WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download

CVSS 8.7 HIGHEPSS 0.6%CWE-22

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside the intended plugin directory.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

Apptha · Mac Photo Gallery

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/41566no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.apptha.com/https://www.exploit-db.com/exploits/41566 https://www.vulncheck.com/advisories/wordpress-plugin-mac-photo-gallery-arbitrary-file-download