Page 2 of 6 results (0.001 seconds)

CVSS: 7.2EPSS: 2%CPEs: 1EXPL: 1

The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue El plugin All-in-One Video Gallery de WordPress versiones anteriores a 2.5.0, no sanea ni comprueba el parámetro tab antes de usarlo en una sentencia requiere en el panel de administración, conllevando a un problema de inclusión de archivos locales • https://wpscan.com/vulnerability/9b15d47e-43b6-49a8-b2c3-b99c92101e10 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •