CVE-2021-24363: Path Traversal
First published: Mon Aug 16 2021(Updated: )
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 10web Photo Gallery | <1.5.75 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-24363?
CVE-2021-24363 is a vulnerability found in the Photo Gallery by 10Web plugin for WordPress, allowing high privilege users to upload files anywhere in the filesystem.
What is the severity of CVE-2021-24363?
The severity of CVE-2021-24363 is rated as medium with a CVSS score of 4.9.
How does CVE-2021-24363 impact the Photo Gallery plugin?
CVE-2021-24363 allows high privilege users to upload images/SVG anywhere in the filesystem using a path traversal vulnerability in the Photo Gallery plugin.
How can I fix CVE-2021-24363?
To fix CVE-2021-24363, update the Photo Gallery by 10Web plugin to version 1.5.75 or above.
What is CWE-22?
CWE-22 refers to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability, which is the type of vulnerability found in CVE-2021-24363.
- collector/nvd-index
- vendor/10web
- canonical/10web photo gallery