CVE-2023-1427

Published: Apr 17, 2023Modified: Feb 6, 2025

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.

Affected (1)

Products: 10web: Photo Gallery

10web

1 product

Photo Gallery

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
10web Photo Gallery	Before 1.8.15

References (2)

https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.