Description
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
Remediation
References
Related Vulnerabilities
WordPress Plugin Royal Gallery Cross-Site Scripting (2.0)
WordPress Plugin WP ULike Multiple Vulnerabilities (3.1)
WordPress Plugin W4 Post List Multiple Vulnerabilities (2.4.5)
AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2024-21490)
WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3)