Description
WordPress Plugin PictPress is prone to multiple local file include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an unauthorized user to view files and execute local scripts. WordPress Plugin PictPress version 0.91 is vulnerable; other versions may also be affected.
Remediation
Update to the latest version
References
http://www.securityfocus.com/bid/26743/exploit
http://www.exploit-db.com/exploits/4695/
http://packetstormsecurity.com/files/view/61555/wppict-disclose.txt
Related Vulnerabilities
Joomla Missing Authorization Vulnerability (CVE-2019-18674)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8623)
Apache Traffic Server Unchecked Return Value Vulnerability (CVE-2024-50306)
MySQL CVE-2022-21640 Vulnerability (CVE-2022-21640)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20098)