CVE Catalog

CVE-2016-20077

MediumCVSS 6.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile — higher than 29% of all known CVEs

Summary

The WordPress Plugin Photocart Link version 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php.

Risk Assessment

Attackers can access sensitive files like wp-config.php, potentially exposing database credentials and configuration information.

Recommendation

It is recommended to update the plugin to the latest version and implement appropriate security measures to minimize the risk of local file inclusion attacks.

Original NVD description (English source)

WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoint to retrieve sensitive files like wp-config.php containing database credentials and configuration data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS