First published: Mon Apr 17 2023(Updated: )
- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
10web Photo Gallery | <1.8.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-1427 is a vulnerability found in The Photo Gallery by 10Web WordPress plugin before version 1.8.15.
CVE-2023-1427 has a severity rating of 4.9, which is considered medium.
The affected software is the Photo Gallery by 10Web WordPress plugin before version 1.8.15.
CVE-2023-1427 allows high privilege users to put images anywhere in the filesystem via a path traversal vector.
To fix CVE-2023-1427, update The Photo Gallery by 10Web WordPress plugin to version 1.8.15 or later.