WordPress – KenBurner Slider Local File Inclusion (LFI)

Description

Kayran has detected that you’re using the Responsive KenBurner Slider WordPress plugin.
This local file inclusion (LFI) vulnerability exists because the ‘image_view.class.php’ script fails to properly sanitize user-supplied input to its ‘img’ parameter.

By exploiting this vulnerability, attackers can download any file they please, even your wp-config.php file.
With that file, they can steal the database’s credentials, which then allows them to initiate attacks against the website via the database.

Recommendation

To deal with it, upgrade the vulnerable KenBurner Slider WordPress plugin to version 1.8, the version in which this vulnerability was fixed.
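To check whether the flaw described above was probed before the upgrade, the web server access log can be searched for requests to ‘image_view.class.php’ whose ‘img’ value is not a plain image path. The script below is an added example, not Kayran's or the plugin's code; it assumes combined-format access logs and that legitimate ‘img’ values are relative paths to image files, and the log lines and the PLUGIN-DIR path segment are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script and parameter named in the advisory; the extension list is an assumption.
SCRIPT, PARAM = "image_view.class.php", "img"
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".webp")
# Client, request target and status of a combined-format access log entry.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines; PLUGIN-DIR is a placeholder, not the real directory.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/PLUGIN-DIR/image_view.class.php?img=slides/beach.jpg HTTP/1.1" 200 48211',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/plugins/PLUGIN-DIR/image_view.class.php?img=../../../wp-config.php HTTP/1.1" 200 3120',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-content/plugins/PLUGIN-DIR/image_view.class.php?img=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 403 199',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?img=../x HTTP/1.1" 200 512',
]

def suspicious_reason(value):
    """Return why an img value looks like a file read attempt, or None."""
    v = value.replace("\\", "/").lower()
    if "\x00" in v:
        return "null byte"
    if ".." in v.split("/"):
        return "path traversal"
    if v.startswith("/"):
        return "absolute path"
    if not v.endswith(IMAGE_EXT):
        return "non-image extension"
    return None

def scan(lines):
    """Return (client, status, img value, reason) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if not url.path.lower().endswith("/" + SCRIPT):
            continue
        # parse_qs percent-decodes once, so %2e%2e%2f is compared as ../
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            reason = suspicious_reason(value)
            if reason:
                findings.append((client, status, value, reason))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Hits answered with status 200 deserve attention first: if one of them names wp-config.php, treat the database credentials as exposed and rotate them in addition to upgrading.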

References

https://arbitrary321.rssing.com/chan-37141670/latest.php
