Description

WordPress Plugin Page Flip Image Gallery is prone to a remote file disclosure vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Page Flip Image Gallery versions 0.2.2 and below are vulnerable.

Remediation

Update to the latest version

References

http://www.exploit-db.com/exploits/7543/

http://packetstormsecurity.com/files/view/73347/wppageflip-disclose.txt

http://secunia.com/advisories/33274/

Related Vulnerabilities

WordPress Plugin Download Shortcode Local File Inclusion (0.2.3)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0800)

Oracle Application Server CVE-2008-2589 Vulnerability (CVE-2008-2589)

WordPress Plugin Swift Landing Page Cross-Site Request Forgery (1.1)

WordPress Plugin 404 SEO Redirection SQL Injection (1.0)

Severity

High

Classification

CVE-2008-5752 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure