uWSGI is a software application that "aims at developing a full stack for building hosting services".
The uWSGI PHP plugin before 2.0.17 is vulnerable to path traversal when used without specifying the php-allowed-docroot option.
The vulnerability exists due to improper validation of the file path when requesting a resource under the DOCUMENT_ROOT directory which is specified via php-docroot.
A remote attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences (..%2f).
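A sketch of the kind of containment check whose absence produces this bug class, as an added example (it is not uWSGI's code or its 2.0.17 patch): decode the request path once, resolve `.` and `..`, and refuse anything that would climb above the document root. The names `path_stays_in_docroot`, `pct_decode` and `hexval` are hypothetical; the code assumes an absolute docroot with no trailing slash and resolves paths lexically only, so symlinks are out of scope.

```c
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                   /* fold A-F to a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode src into dst once (dst needs strlen(src)+1 bytes).
   Returns -1 on a malformed escape or an encoded NUL byte. */
static int pct_decode(const char *src, char *dst) {
    while (*src) {
        if (*src != '%') { *dst++ = *src++; continue; }
        int hi = hexval((unsigned char)src[1]);
        int lo = hi < 0 ? -1 : hexval((unsigned char)src[2]);
        if (lo < 0 || (hi == 0 && lo == 0)) return -1;
        *dst++ = (char)(hi * 16 + lo);
        src += 3;
    }
    *dst = '\0';
    return 0;
}

/* Assumption: docroot is absolute with no trailing slash. Decodes uri_path,
   resolves "." and ".." lexically (symlinks are not followed) and writes the
   joined path to out. Returns 1 if it stays under docroot, 0 if it is
   rejected (malformed, too long, or ".." climbs above docroot). */
int path_stays_in_docroot(const char *docroot, const char *uri_path,
                          char *out, size_t outlen) {
    char dec[1024];
    size_t root = strlen(docroot), len = root;
    if (strlen(uri_path) >= sizeof dec || pct_decode(uri_path, dec) != 0) return 0;
    if (root + strlen(dec) + 2 > outlen) return 0;
    memcpy(out, docroot, root);
    for (const char *p = dec; *p; ) {
        while (*p == '/') p++;                   /* skip empty segments */
        size_t n = strcspn(p, "/");
        if (n == 0) break;
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (len == root) return 0;           /* would leave docroot */
            while (out[--len] != '/') ;          /* drop last segment */
        } else if (!(n == 1 && p[0] == '.')) {
            out[len++] = '/';
            memcpy(out + len, p, n);
            len += n;
        }
        p += n;
    }
    out[len] = '\0';
    return 1;
}
```

The check runs after decoding, so `..%2f` and `%2e%2e/` are treated exactly like a literal `../`.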
- Upgrade to the latest version of uWSGI. This vulnerability was fixed in uWSGI version 2.0.17.
- WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)
- WordPress Plugin Zedna eBook download Directory Traversal (1.1)
- WordPress Plugin DM Albums File Disclosure (1.9.2)
- WordPress Plugin WooCommerce Products Filter Multiple Vulnerabilities (1.1.9)
- WordPress Plugin Shortcode Factory Local File Inclusion (2.7)