Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Plugin PictPress 'resize.php' Multiple Local File Include Vulnerabilities (1.0) - Vulnerability Database

WordPress Plugin PictPress 'resize.php' Multiple Local File Include Vulnerabilities (1.0)

Description

WordPress Plugin PictPress is prone to multiple local file include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an unauthorized user to view files and execute local scripts. WordPress Plugin PictPress version 0.91 is vulnerable; other versions may also be affected.

Remediation

Update to the latest version

References

http://www.securityfocus.com/bid/26743/exploit
http://www.exploit-db.com/exploits/4695/
http://packetstormsecurity.com/files/view/61555/wppict-disclose.txt
http://secunia.com/advisories/27962/

Related Vulnerabilities

WordPress Plugin Zingiri Web Shop 'wpabspath' Parameter Remote File Include (2.2.0) High
Common tags: Missing Update File Inclusion
WordPress Plugin WP-Client Lite::Client Portals, File Sharing, Messaging & Invoicing Local File Inclusion (1.1.1) High
Common tags: Missing Update File Inclusion
WordPress Plugin Annonces 'abspath' Parameter Remote File Include (1.2.0.0) High
Common tags: Missing Update File Inclusion
WordPress Plugin Landing Page Builder-Lead Page-Optin Page-Squeeze Page-WordPress Landing Pages Local File Inclusion (1.4.3) High
Common tags: Missing Update File Inclusion
WordPress Plugin Download Shortcode Local File Inclusion (0.2.3) High
Common tags: Missing Update File Inclusion

Severity

High

Classification

CVE-2007-6369
CWE-22
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update
File Inclusion