Description
Acunetix uploaded a ZIP file containing a symlink to /etc/passwd. The web application appears to have processed this file and returned the contents of /etc/passwd in its response.
Remediation
The web application should filter out symlinks contained in ZIP files.
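One way to implement this filter before an archive reaches any extractor, shown as an added example that is not part of the original advisory. The names `validate_upload`, `UnsafeArchiveError` and `build_sample_zip` are hypothetical, the sample archive is constructed in memory, and the check goes slightly beyond symlinks by also rejecting other special file types.

```python
import io
import stat
import zipfile


class UnsafeArchiveError(Exception):
    """Raised when an uploaded archive contains a disallowed entry type."""


def validate_upload(zip_bytes):
    """Return the regular-file entry names; raise if any entry is a symlink.

    ZIP stores the Unix mode in the upper 16 bits of external_attr. The bits
    are checked regardless of create_system, because some extractors honour
    them even when the archive claims a non-Unix origin.
    """
    names = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16
            file_type = stat.S_IFMT(mode)
            if stat.S_ISLNK(mode):
                raise UnsafeArchiveError(f"symlink entry rejected: {info.filename!r}")
            # 0 means "no Unix type recorded" (e.g. archives made on Windows).
            if file_type not in (0, stat.S_IFREG, stat.S_IFDIR):
                raise UnsafeArchiveError(f"special file rejected: {info.filename!r}")
            if not info.is_dir():
                names.append(info.filename)
    return names


def build_sample_zip(with_symlink):
    """Constructed test input: one regular file, optionally one symlink entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        if with_symlink:
            link = zipfile.ZipInfo("link.txt")
            link.create_system = 3  # Unix
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "/etc/passwd")  # link target, as in the scan
    return buf.getvalue()


if __name__ == "__main__":
    print(validate_upload(build_sample_zip(False)))
    try:
        validate_upload(build_sample_zip(True))
    except UnsafeArchiveError as exc:
        print("rejected:", exc)
```

If the application extracts with an external tool, run this check first and also confirm after extraction that no extracted path is a symlink before reading it back.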