CVE-2023-1427

CWE-22: Path Traversal (3 documents, 3 sources)

Severity: 4.9 MEDIUM
EPSS: 0.1% (top 65.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 17

Description

- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (2 packages)

NVD: 10web/photo_gallery < 1.8.15
CVEListV5: unknown/photo_gallery_by_10web < 1.8.15

Vulnerability Details (2)

GHSA: GHSA-rwcv-wwxv-h77x: - The Photo Gallery by 10Web WordPress plugin before 1 (2023-04-17)
CVEList: Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal (2023-04-17)
CVE-2023-1427 (MEDIUM CVSS 4.9) | - The Photo Gallery by 10Web WordPr | cvebase.io