• uWSGI is a software application that "aims at developing a full stack for building hosting services".
  
  The uWSGI PHP plugin before 2.0.17 is vulnerable to Path Traversal Vulnerability when used without specifying the php-allowed-docroot option.
  
  The vulnerability exists due to improper validation of the file path when requesting a resource under the DOCUMENT_ROOT directory which is specified via php-docroot.
  
  A remote attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences (..%2f).

• Upgrade to the latest version uWSGI. This vulnerability was fixed in uWSGI version 2.0.17.

• • uWSGI PHP Plugin Directory Traversal
  • uWSGI 2.0.17

• 

• CVE-2018-7490

• CWE-22

• Directory Traversal

• WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)
• WordPress Plugin Zedna eBook download Directory Traversal (1.1)
• WordPress Plugin DM Albums File Dislosure (1.9.2)
• WordPress Plugin WooCommerce Products Filter Multiple Vulnerabilities (1.1.9)
• WordPress Plugin Shortcode Factory Local File Inclusion (2.7)