CVE-2007-6369 – PictPress <= 0.91 - Directory Traversal

https://notcve.org/view.php?id=CVE-2007-6369

Multiple directory traversal vulnerabilities in resize.php in the PictPress 0.91 and earlier plugin for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) size or (2) path parameter. Múltiples vulnerablidades de cruce de directorios en resize.php del plugin PictPress (0.91 y anteriores) para WordPress. Permite que atacantes remotos lean archivos a su elección, usando .. (punto punto) en los parámetros (1) size o (2) path. • https://www.exploit-db.com/exploits/4695 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •