Description

WordPress Plugin Page Flip Image Gallery is prone to a remote file disclosure vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Page Flip Image Gallery versions 0.2.2 and below are vulnerable.

Remediation

Update to the latest version

References

http://www.exploit-db.com/exploits/7543/

http://packetstormsecurity.com/files/view/73347/wppageflip-disclose.txt

http://secunia.com/advisories/33274/

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-4889)

WordPress Plugin WP Statistics SQL Injection (13.1.4)

WordPress Plugin WP Hotel Booking Remote Code Execution (1.10.2)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1762)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18623)

Severity

High

Classification

CVE-2008-5752 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure