Security for everyone

CVE-2021-24970 Scanner

Detects the 'Local File Inclusion (LFI)' vulnerability in the All-In-One Video Gallery plugin for WordPress, which affects versions before 2.5.0.

Short Info

  • Level: High
  • Single Scan
  • Can be used by: Asset Owner
  • Estimated Time: 10 sec
  • Scan only one: Domain, IPv4
  • Toolbox: -

Vulnerability Overview

The vulnerability arises from the plugin's failure to adequately sanitize and validate user inputs before including files. This oversight allows for the inclusion of arbitrary files stored on the server, potentially leading to sensitive information disclosure.

Vulnerability Details

Specifically, the issue is found within the admin dashboard of the All-in-One Video Gallery plugin. The 'tab' parameter is mishandled, enabling attackers with administrative access to exploit the vulnerability by navigating to a crafted URL that causes sensitive system files to be included.
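
A log check for the behaviour described above, added here as an example and not taken from the plugin or from SecurityForEveryone: it flags wp-admin requests whose 'tab' value is anything other than a plain slug. The slug pattern, the `example-plugin-page` page name and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a legitimate tab name is a short slug (not taken from the plugin).
SAFE_TAB = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_tab(value):
    """Return True if a tab value is anything other than a plain slug."""
    # Decode repeatedly so double-encoded separators are normalised too.
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return not SAFE_TAB.match(value)

def scan(lines):
    """Return (line_number, tab_value) for wp-admin requests with a non-slug tab."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.startswith("/wp-admin/"):
            continue  # the issue is in the admin dashboard only
        for tab in parse_qs(url.query).get("tab", []):
            if suspicious_tab(tab):
                hits.append((n, tab))
    return hits

# Constructed access-log lines; "example-plugin-page" is a hypothetical page name.
SAMPLE_LOG = [
    '203.0.113.7 - admin [10/Jan/2022:10:00:01 +0000] "GET /wp-admin/admin.php?page=example-plugin-page&tab=settings HTTP/1.1" 200 5120',
    '203.0.113.7 - admin [10/Jan/2022:10:00:09 +0000] "GET /wp-admin/admin.php?page=example-plugin-page&tab=..%2F..%2Fexample.txt HTTP/1.1" 200 812',
    '203.0.113.7 - admin [10/Jan/2022:10:00:15 +0000] "GET /wp-admin/admin.php?page=example-plugin-page&tab=%252e%252e%252fexample HTTP/1.1" 200 640',
    '198.51.100.4 - - [10/Jan/2022:10:01:00 +0000] "GET /index.php?tab=..%2Fx HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for line_no, tab in scan(SAMPLE_LOG):
        print(f"line {line_no}: unexpected tab value {tab!r}")
```

A hit from an authenticated admin session is worth correlating with that account's recent logins, since the issue requires administrative access.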

Possible Effects

Exploiting this vulnerability can lead to:

  • Unauthorized access to sensitive files on the server.
  • Disclosure of sensitive information such as credentials, system configuration details, and more.
  • Potentially leveraging the disclosed information for further attacks against the system or network.

Why Choose SecurityForEveryone

At SecurityForEveryone, we offer cutting-edge solutions for detecting and managing vulnerabilities like CVE-2021-24970. Our platform provides:

  • Comprehensive vulnerability assessments tailored to your needs.
  • Timely alerts and updates on new and emerging threats.
  • Expert support to guide you through remediation processes.

Join SecurityForEveryone today and fortify your cybersecurity defenses against evolving threats.
