CVE-2016-20064
MediumCVSS 6.2Summary
WP Vault version 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials.
Risk Assessment
This vulnerability poses a serious risk to the organization's security, allowing attackers to access confidential information, which may lead to further attacks or system compromise.
Recommendation
It is recommended to update WP Vault to the latest version that fixes this vulnerability and to implement appropriate security measures to restrict access to sensitive files.
Original NVD description (English source)
WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials.

