The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors.
History
21 Nov 2024, 09:47
Type | Values Removed | Values Added |
---|---|---|
References | | https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L178 (Product) |
References | | https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L436 (Product) |
References | | https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L512 (Product) |
References | | https://plugins.trac.wordpress.org/changeset/3098798/ (Patch) |
References | | https://wordpress.org/plugins/photo-gallery/#developers (Product, Release Notes) |
References | | https://www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve (Third Party Advisory) |
CVSS | v2: (none), v3: (none) | v2: unknown, v3: 6.8 |
11 Jun 2024, 18:00
Type | Values Removed | Values Added |
---|---|---|
First Time | | 10web; 10web photo Gallery |
CPE | | cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:* |
CWE | | CWE-22 |
References | | https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L178 (Product) |
References | | https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L436 (Product) |
References | | https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L512 (Product) |
References | | https://plugins.trac.wordpress.org/changeset/3098798/ (Patch) |
References | | https://wordpress.org/plugins/photo-gallery/#developers (Product, Release Notes) |
References | | https://www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve (Third Party Advisory) |
CVSS | v2: (none), v3: (none) | v2: unknown, v3: 8.8 |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
07 Jun 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2024-06-07 10:15
Updated : 2024-11-21 09:47
NVD link : CVE-2024-5481
Mitre link : CVE-2024-5481
CVE.ORG link : CVE-2024-5481
Products Affected
10web
- photo_gallery
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')