WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0) - Vulnerability Database

WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0)

Description

WordPress Plugin PICA Photo Gallery is prone to an information disclosure vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin PICA Photo Gallery version 1.0 is vulnerable; prior versions may also be affected.

Remediation

Restrict access to the wp-content/plugins/pica-photo-gallery/picadownload.php script (e.g. via .htaccess) or disable the plugin until a fix is available

References

http://www.securityfocus.com/bid/53893/exploit

http://www.exploit-db.com/exploits/19016/

http://1337day.com/exploits/18487

http://packetstormsecurity.com/files/113404/WordPress-PICA-Photo-Gallery-1.0-File-Disclosure.html

http://secunia.com/advisories/49467/

Related Vulnerabilities

Severity

High

Classification

CWE-22

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N