Description

Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.

Remediation

References

CVE-2008-0615

Related Vulnerabilities

LiteSpeed Web Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4871)

Microsoft SQL Server Other Vulnerability (CVE-2001-0344)

WebLogic CVE-2019-2891 Vulnerability (CVE-2019-2891)

WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure (3.0)

PHP Use of Uninitialized Resource Vulnerability (CVE-2015-8390)

Severity

Medium

Classification

CVE-2008-0615 CWE-22

Tags

Missing Update Known Vulnerabilities