CVE Catalog

CVE-2016-20064

MediumCVSS 6.2
Published: Updated: Translated: NVD NIST

Summary

WP Vault version 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials.

Risk Assessment

This vulnerability poses a serious risk to the organization's security, allowing attackers to access confidential information, which may lead to further attacks or system compromise.

Recommendation

It is recommended to update WP Vault to the latest version that fixes this vulnerability and to implement appropriate security measures to restrict access to sensitive files.

Original NVD description (English source)

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS