- Multiple vulnerabilities exist in Barracuda Networks products due to improper validation of user-controlled input. User-controllable input supplied to the embedded web server is not properly sanitized for illegal path delimiting characters prior to being used to access files. A specially crafted HTTP request containing directory traversal sequences could allow remote attackers to conduct traversal attacks.
- The vendor has released Security Definition update v2.0.4 that addresses these vulnerabilities.
- WordPress Plugin Photocart Link Local File Inclusion (1.6)
- WordPress Plugin WP Cost Estimation & Payment Forms Builder Directory Traversal (9.659)
- WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2)
- WordPress Plugin Fusion Engage Local File Disclosure (1.0.5)
- WordPress Plugin Theme My Login Local File Inclusion (6.3.9)