CVE-2021-24970 Scanner
Detects a Local File Inclusion (LFI) vulnerability in the All-in-One Video Gallery plugin for WordPress, which affects versions before 2.5.0.
Short Info
- Level: High
- Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 sec
- Time Interval: 792 sec
- Scan only one: Domain, IPv4
- Toolbox: -
Vulnerability Overview
The vulnerability arises from the plugin's failure to adequately sanitize and validate user inputs before including files. This oversight allows for the inclusion of arbitrary files stored on the server, potentially leading to sensitive information disclosure.
Vulnerability Details
Specifically, the issue is found within the admin dashboard of the All-in-One Video Gallery plugin. The 'tab' parameter is mishandled, so an attacker with administrative access can exploit the vulnerability by navigating to a crafted URL that references sensitive system files.
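A log check an asset owner could run for the 'tab' handling described above, as an added example that is not S4E's scanner or the plugin's code: it flags wp-admin requests whose decoded 'tab' value is not a plain slug. The slug pattern, the combined log format, the page name `example-plugin` and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate dashboard tab name is a short slug.
SAFE_TAB = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request line as it appears inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_tab_values(log_line):
    """Return decoded 'tab' values of a wp-admin request that are not plain slugs."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.startswith("/wp-admin/"):
        return []
    # parse_qs percent-decodes once, so a double-encoded value still
    # contains '%' afterwards and fails the allowlist as well.
    values = parse_qs(url.query).get("tab", [])
    return [v for v in values if not SAFE_TAB.fullmatch(v)]


def scan(lines):
    """Return (line_number, offending_values) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        bad = suspicious_tab_values(line)
        if bad:
            hits.append((number, bad))
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder names).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2022:10:00:01 +0000] "GET /wp-admin/admin.php?page=example-plugin&tab=general HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Jan/2022:10:00:09 +0000] "GET /wp-admin/admin.php?page=example-plugin&tab=..%2F..%2F..%2Fexample-file HTTP/1.1" 200 812',
    '203.0.113.7 - - [10/Jan/2022:10:00:15 +0000] "GET /wp-admin/admin.php?page=example-plugin&tab=%252e%252e%252fexample-file HTTP/1.1" 200 812',
    '198.51.100.4 - - [10/Jan/2022:10:01:02 +0000] "GET /blog/?tab=../x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected tab value(s) {values}")
```

Because exploitation requires administrative access, a hit is worth correlating with the account that was logged in at that time.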
Possible Effects
Exploiting this vulnerability can lead to:
- Unauthorized access to sensitive files on the server.
- Disclosure of sensitive information such as credentials, system configuration details, and more.
- Potentially leveraging the disclosed information for further attacks against the system or network.
Why Choose S4E
At S4E, we offer cutting-edge solutions for detecting and managing vulnerabilities like CVE-2021-24970. Our platform provides:
- Comprehensive vulnerability assessments tailored to your needs.
- Timely alerts and updates on new and emerging threats.
- Expert support to guide you through remediation processes.
Join S4E today and fortify your cybersecurity defenses against evolving threats.