1 results (0.003 seconds)
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1
CVE-2015-1000007 – wptf-image-gallery <= 1.0.3 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2015-1000007
Remote file download vulnerability in wptf-image-gallery v1.03 Vulnerabilidad de descarga de archivo remoto en wptf-image-gallery v1.03 The wptf-image-gallery plugin for WordPress is vulnerable to Arbitrary File Downloads in versions up to, and including, 1.0.3 via the './wptf-image-gallery/lib-mbox/ajax_load.php' file. This makes it possible for unauthenticated attackers to download sensitive files from the vulnerable system. • http://www.vapidlabs.com/advisory.php?v=148 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •