CVE-2016-20078

Description

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like wp-config.php containing database credentials and configuration data.

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

Henrique Dias / IMDb Profile Widget1.0.8 – 1.0.8

References

EXPLOIThttps://www.exploit-db.com/exploits/39621
MISChttps://wordpress.org/plugins/imdb-widget/
VENDOR_ADVISORYhttps://www.vulncheck.com/advisories/wordpress-imdb-profile-widget-local-file-inclusion-via-pic-php