GRAND Flash Album Gallery Plugin for WordPress 'f' Parameter Traversal Arbitrary Directory Enumeration

Severity: Medium | Nessus Plugin ID 64259

Synopsis

The remote web server contains a PHP script that is affected by a directory traversal vulnerability.

Description

The GRAND Flash Album Gallery plugin for WordPress installed on the remote host is affected by a directory traversal vulnerability because its 'facebook.php' script does not properly sanitize user-supplied input to the 'f' parameter. An unauthenticated, remote attacker can exploit this by sending a request whose 'f' value contains directory traversal sequences (such as '../') to enumerate the contents of arbitrary directories on the remote host, subject to the file-system permissions of the web server process.

The application is also reportedly affected by several information disclosure, SQL injection, and arbitrary file-overwrite vulnerabilities; however, Nessus has not tested for these issues.
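The following Python is an added example, not code from the GRAND Flash Album Gallery plugin or from the Nessus check. It shows the two things a practitioner wants around a traversal finding of this kind: the unsafe "join the parameter onto a base directory" pattern beside a hardened version that canonicalises the path and refuses anything outside the gallery root, and a small scanner that flags requests to facebook.php whose 'f' parameter carries plain, URL-encoded or double-encoded traversal. The directory layout, the log lines and the plugin path under wp-content/plugins/flash-album-gallery/ are constructed for the example (the path is assumed from the plugin slug in the changelog URL); nothing here reproduces the plugin's real code.

```python
"""Traversal containment check and access-log triage for a 'list a directory
named by a request parameter' handler (added example, not plugin code)."""
import os
import re
import tempfile
import urllib.parse
from pathlib import Path


def build_sample_tree():
    """Create a throwaway tree (constructed for this example) and return the
    gallery root, the only directory the handler is supposed to serve:

        <tmp>/wp-content/galleries/holiday/a.jpg   <- allowed
        <tmp>/private/secret.txt                   <- must stay unreachable
    """
    root = Path(tempfile.mkdtemp(prefix="flagallery-"))
    galleries = root / "wp-content" / "galleries"
    (galleries / "holiday").mkdir(parents=True)
    (galleries / "holiday" / "a.jpg").write_bytes(b"")
    (root / "private").mkdir()
    (root / "private" / "secret.txt").write_text("not for you")
    return galleries


def unsafe_list_dir(base_dir, f):
    """Vulnerable pattern: the parameter is joined straight onto the base path,
    so '../' steps (and an absolute path, which os.path.join honours) escape it."""
    return sorted(os.listdir(os.path.join(str(base_dir), f)))


def is_contained(base_dir, f):
    """True only if base_dir/f canonicalises to base_dir itself or a descendant.
    Resolving first means '..', symlinks and absolute paths are judged by where
    they actually land, not by what the string looks like."""
    if "\x00" in f:
        return False
    base = Path(base_dir).resolve()
    target = (base / f).resolve()  # Path(base) / '/etc' is '/etc'; the check below catches it
    return target == base or base in target.parents


def safe_list_dir(base_dir, f):
    """Hardened form: reject anything that leaves the gallery root."""
    if not is_contained(base_dir, f):
        raise ValueError(f"path escapes gallery root: {f!r}")
    target = (Path(base_dir) / f).resolve()
    if not target.is_dir():
        raise ValueError(f"not a directory: {f!r}")
    return sorted(os.listdir(target))


def looks_like_traversal(value):
    """True if value contains a parent-directory step or starts at the filesystem
    root, in plain, URL-encoded or double-encoded form (up to three decodes)."""
    candidate = value
    for _ in range(3):
        if re.search(r"(^|[/\\])\.\.([/\\]|$)", candidate) or candidate.startswith(("/", "\\")):
            return True
        decoded = urllib.parse.unquote(candidate)
        if decoded == candidate:
            break
        candidate = decoded
    return False


# Constructed Apache combined-format lines; only the request target matters here.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Oct/2012:10:01:02 +0000] "GET /wp-content/plugins/flash-album-gallery/facebook.php?f=holiday HTTP/1.1" 200 512
203.0.113.9 - - [24/Oct/2012:10:01:07 +0000] "GET /wp-content/plugins/flash-album-gallery/facebook.php?f=../../../../ HTTP/1.1" 200 2048
203.0.113.9 - - [24/Oct/2012:10:01:09 +0000] "GET /wp-content/plugins/flash-album-gallery/facebook.php?f=..%2F..%2F..%2Fwp-content HTTP/1.1" 200 1800
198.51.100.2 - - [24/Oct/2012:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 9000
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')


def find_traversal_requests(log_text):
    """Return (client_ip, decoded_f) for every facebook.php request whose 'f'
    parameter looks like a traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parsed = urllib.parse.urlsplit(m.group("url"))
        if not parsed.path.endswith("/facebook.php"):
            continue
        for f in urllib.parse.parse_qs(parsed.query).get("f", []):  # parse_qs decodes once
            if looks_like_traversal(f):
                hits.append((m.group("ip"), f))
    return hits


if __name__ == "__main__":
    galleries = build_sample_tree()
    print("unsafe, '../../private':", unsafe_list_dir(galleries, "../../private"))
    print("safe, 'holiday':", safe_list_dir(galleries, "holiday"))
    print("safe, '../../private' contained?", is_contained(galleries, "../../private"))
    for ip, f in find_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: f={f!r}")
```

The containment test deliberately compares resolved paths rather than looking for '..' in the string: a string filter can be bypassed by encodings the check did not anticipate, whereas the resolved target either is under the gallery root or it is not. The log scanner, by contrast, is meant for triage and so accepts the cost of pattern-matching, decoding the parameter a few times to catch double-encoded probes.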

Solution

Upgrade to version 2.10 or later.

See Also

http://www.waraxe.us/advisory-94.html

https://wordpress.org/plugins/flash-album-gallery/#changelog

Plugin Details

Severity: Medium

ID: 64259

File Name: wordpress_grand_flagallery_info_disclosure.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 1/28/2013

Updated: 6/5/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 10/29/2012

Vulnerability Publication Date: 10/24/2012

Reference Information

BID: 56236