WordPress Lytebox Plugin 1.3 - Local File Inclusion

lytebox

Software
Lytebox
Versions
<= 1.3
Disclosure date
2009-05-26
CVE
CVE-2009-4672
References
Credits
Classification
Local File Inclusion
OWASP Top 10

Are your websites subject to this vulnerability?

Details

WP-Lytebox fails to properly sanitize user-supplied input, therefore it allows an attacker to include a file. An attacker can view files and execute scripts.

Solution

Upgrade to version 1.3.1 or later.

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.