CVE-2021-24970 – All-In-One-Gallery < 2.5.0 - Admin+ Local File Inclusion

https://notcve.org/view.php?id=CVE-2021-24970

The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue El plugin All-in-One Video Gallery de WordPress versiones anteriores a 2.5.0, no sanea ni comprueba el parámetro tab antes de usarlo en una sentencia requiere en el panel de administración, conllevando a un problema de inclusión de archivos locales • https://wpscan.com/vulnerability/9b15d47e-43b6-49a8-b2c3-b99c92101e10 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •