ГлавнаяУязвимости → CVE-2017-20250
7.5высокая

CVE-2017-20250

Описание

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside the intended plugin directory.

CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://www.apptha.com/https://www.exploit-db.com/exploits/41566https://www.vulncheck.com/advisories/wordpress-plugin-mac-photo-gallery-arbitrary-file-download