- Acunetix uploaded a ZIP file containing a symlink to /etc/passwd. It looks like that web application processed this file and returned the contents of /etc/passwd in response.
- The web application should filter symlinks included inside ZIP files.
- WordPress Plugin VideoWhisper Video Conference Integration 'vw_upload.php' Arbitrary File Upload (4.51)
- WordPress Plugin CAC Featured Content TimThumb Arbitrary File Upload (0.8)
- WordPress Plugin Image News slider Arbitrary File Upload (3.5)
- WordPress Plugin Gravity Forms Arbitrary File Upload (1.8.19)
- WordPress Plugin Popular Posts TimThumb Arbitrary File Upload (2.1.4)