• Acunetix uploaded a ZIP file containing a symlink to /etc/passwd. It looks like that web application processed this file and returned the contents of /etc/passwd in response.

• The web application should filter symlinks included inside ZIP files.

• • Reading local files from Facebook's server

• 

• CWE-200

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

• Unauthenticated File Upload

• WordPress Plugin VideoWhisper Video Conference Integration 'vw_upload.php' Arbitrary File Upload (4.51)
• WordPress Plugin CAC Featured Content TimThumb Arbitrary File Upload (0.8)
• WordPress Plugin Image News slider Arbitrary File Upload (3.5)
• WordPress Plugin Gravity Forms Arbitrary File Upload (1.8.19)
• WordPress Plugin Popular Posts TimThumb Arbitrary File Upload (2.1.4)