CVE-2016-20079
MediumCVSS 6.2Exploitation Probability (EPSS)
Elevated risk51th percentile — higher than 51% of all known CVEs
Summary
WordPress Dharma Booking version 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gateway parameter in proccess.php to read sensitive files like configuration and system files.
Risk Assessment
This vulnerability may lead to the disclosure of sensitive information, posing a serious threat to the security of the system and the organization's data.
Recommendation
It is recommended to update WordPress Dharma Booking to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.
Original NVD description (English source)
WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gateway parameter in proccess.php to read sensitive files like configuration and system files.

