CVE-2023-1427

EUVD-2023-23680
- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CISA-ADPADP
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
10webphoto_gallery
𝑥
< 1.8.15
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946
https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946