Description
Acunetix uploaded a ZIP file containing a symlink to /etc/passwd. It looks like the web application processed this file and returned the contents of /etc/passwd in its response.
Remediation
The web application should filter symlinks included inside ZIP files.
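One way to implement such a filter before any extraction step, shown as an added example that is not Acunetix's code or taken from any particular application. The names `safe_members`, `UnsafeArchiveError` and `build_constructed_sample` are hypothetical, and the sample archives are constructed in memory.

```python
import io
import stat
import zipfile


class UnsafeArchiveError(Exception):
    """Raised when an uploaded archive contains an entry we refuse to extract."""


def entry_file_type(info):
    # The high 16 bits of external_attr carry the Unix st_mode of the entry;
    # S_IFMT() isolates the file-type bits (regular, directory, symlink, ...).
    return stat.S_IFMT(info.external_attr >> 16)


def safe_members(data):
    """Return the entry names that may be extracted; raise on symlinks."""
    allowed = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            ftype = entry_file_type(info)
            if ftype == stat.S_IFLNK:
                raise UnsafeArchiveError("symlink entry rejected: %r" % info.filename)
            # 0 means no Unix file type was recorded (common for plain files).
            if ftype not in (0, stat.S_IFREG, stat.S_IFDIR):
                raise UnsafeArchiveError("special file rejected: %r" % info.filename)
            allowed.append(info.filename)
    return allowed


def build_constructed_sample(with_symlink):
    """Constructed test input: a small ZIP, optionally with a symlink entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        if with_symlink:
            link = zipfile.ZipInfo("link.txt")
            link.create_system = 3  # entry marked as created on Unix
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "/etc/passwd")  # link target, as in the scan
    return buf.getvalue()


if __name__ == "__main__":
    print(safe_members(build_constructed_sample(False)))
    try:
        safe_members(build_constructed_sample(True))
    except UnsafeArchiveError as exc:
        print("blocked:", exc)
```

Run the check on the uploaded bytes before the archive reaches whatever tool or library performs the extraction, and reject the whole upload when it raises.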
Related Vulnerabilities
WordPress Plugin Ultimate Member-User Profile & Membership Arbitrary File Upload (1.0.83)
WordPress Plugin Wallable-Social Networking Arbitrary File Upload (1.1)
WordPress Plugin Carousel slideshow 'upload.php' Arbitrary File Upload (3.9)
WordPress Plugin Flip Book 'php.php' Arbitrary File Upload (1.0)
WordPress Plugin Simple Slide Show TimThumb Arbitrary File Upload (1.0)