CVE-2016-20064 | myasui WP Vault 0.8.6.6 include wpv-image filename control (Exploit 40850)

A vulnerability classified as problematic was found in myasui WP Vault 0.8.6.6. This issue affects the function include. The manipulation of the argument wpv-image results in improper control of filename for include/require statement in php program (‘php remote file inclusion’). This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is identified as CVE-2016-20064. The attack is only possible with local access. Additionally, an exploit exists.VulDB Recent EntriesRead More