CVE Catalog

CVE-2016-20079

MediumCVSS 6.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.78%

51th percentile — higher than 51% of all known CVEs

Summary

WordPress Dharma Booking version 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gateway parameter in proccess.php to read sensitive files like configuration and system files.

Risk Assessment

This vulnerability may lead to the disclosure of sensitive information, posing a serious threat to the security of the system and the organization's data.

Recommendation

It is recommended to update WordPress Dharma Booking to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.

Original NVD description (English source)

WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gateway parameter in proccess.php to read sensitive files like configuration and system files.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS