Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and previous versions for WordPress, when magic_quotes_gpc is disabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress page_flip_image_gallery_plugin 0.1.1 |
||
wordpress page_flip_image_gallery_plugin 0.1 |
||
wordpress page_flip_image_gallery_plugin |
||
wordpress page_flip_image_gallery_plugin 0.2.1 |
||
wordpress page_flip_image_gallery_plugin 0.1.4 |
||
wordpress page_flip_image_gallery_plugin 0.1.3 |
||
wordpress page_flip_image_gallery_plugin 0.2.0 |
||
wordpress page_flip_image_gallery_plugin 0.1.6 |