CVE-2019-14798Path Traversal in Photo Gallery

CWE-22Path Traversal3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.7%
top 28.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
10web Photo Gallery
Timeline
PublishedAug 9
Latest updateMay 24

Description

The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages1 packages

NVD10web/photo_gallery< 1.5.25

🔴Vulnerability Details

2
GHSA
GHSA-39c3-54g3-jw3m: The 10Web Photo Gallery plugin before 12022-05-24
CVEList
CVE-2019-14798: The 10Web Photo Gallery plugin before 12019-08-09
CVE-2019-14798 — Path Traversal in 10web Photo Gallery | cvebase