Vulnerabilities > CVE-2023-1427 - Unspecified vulnerability in 10Web Photo Gallery
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.