First published: Tue Dec 30 2008(Updated: )
Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wordpress Page Flip Image Gallery Plugin | <=0.2.2 | |
Wordpress Page Flip Image Gallery Plugin | =0.1 | |
Wordpress Page Flip Image Gallery Plugin | =0.1.1 | |
Wordpress Page Flip Image Gallery Plugin | =0.1.3 | |
Wordpress Page Flip Image Gallery Plugin | =0.1.4 | |
Wordpress Page Flip Image Gallery Plugin | =0.1.6 | |
Wordpress Page Flip Image Gallery Plugin | =0.2.0 | |
Wordpress Page Flip Image Gallery Plugin | =0.2.1 | |
WordPress WordPress |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.