PT-2022-17789 · WordPress · All-In-One Video Gallery
Gabriele Zuddas
·
Published
2022-09-06
·
Updated
2024-01-11
·
CVE-2022-2633
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
All-in-One Video Gallery plugin for WordPress versions up to, and including 2.6.0
Description
The issue allows unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server via the
dl parameter found in the ~/public/video.php file. This enables arbitrary file downloads and blind server-side request forgery.Recommendations
For versions up to, and including 2.6.0, consider disabling access to the ~/public/video.php file or restricting the use of the
dl parameter until a patch is available. Avoid using the dl parameter in the affected API endpoint until the issue is resolved.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
All-In-One Video Gallery