QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24363

Published: Aug 16, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector

Vendor	Product	Versions
Unknown	Photo Gallery by 10Web – Mobile-Friendly Image Gallery	affected `1.5.75 - < 1.5.75`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/1628935f-1d7d-4609-b7a9-e5526499c974

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.