Apptha Slider Gallery Path Traversal Vulnerability Allowing Arbitrary File Download

Vulnerability

A path traversal vulnerability has been identified in the Apptha Slider Gallery WordPress plugin, version 1.0. This vulnerability allows unauthenticated attackers to download arbitrary files by manipulating the 'imgname' parameter. Exploitation involves sending requests to 'asgallDownload.php' with directory traversal sequences to access sensitive files outside the intended directory.

Impact

Exploitation of this vulnerability could lead to unauthorized access and download of sensitive files from the server.

Reproduction

To reproduce this vulnerability, send a request to 'asgallDownload.php' with the 'imgname' parameter. Include directory traversal sequences to navigate outside the intended directory and access sensitive files. This can be done using a web browser or a tool like cURL or Postman.
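One way to check web server access logs for attempts against this flaw, given here as an added example that is not part of the original advisory. It assumes combined-format access logs; the function names are hypothetical, the sample log lines are constructed, and PLUGIN_DIR is a placeholder because the advisory does not give the plugin's install path.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request portion of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def is_traversal(value):
    """True if value, after undoing nested URL-encoding, escapes its directory."""
    for _ in range(3):  # undo up to three extra layers of percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")  # treat Windows separators like "/"
    # Flag ".." path segments, absolute paths and embedded NUL bytes.
    return value.startswith("/") or ".." in value.split("/") or "\x00" in value

def suspicious_requests(log_lines):
    """Return (client_ip, imgname) for traversal attempts on asgallDownload.php."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("/asgalldownload.php"):
            continue
        # parse_qs already removes one layer of URL-encoding from each value.
        for value in parse_qs(url.query, keep_blank_values=True).get("imgname", []):
            if is_traversal(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample lines; PLUGIN_DIR is a placeholder, not the real path.
_BASE = "/wp-content/plugins/PLUGIN_DIR/asgallDownload.php"
_TS = "[01/Jan/2030:10:00:00 +0000]"
SAMPLE_LOG = [
    f'203.0.113.5 - - {_TS} "GET {_BASE}?imgname=photo1.jpg HTTP/1.1" 200 5120',
    f'198.51.100.7 - - {_TS} "GET {_BASE}?imgname=../../sample.txt HTTP/1.1" 200 310',
    f'198.51.100.9 - - {_TS} "GET {_BASE}?imgname=%252e%252e%252fsample.txt HTTP/1.1" 200 310',
    f'203.0.113.8 - - {_TS} "GET {_BASE}?imgname=my..photo.jpg HTTP/1.1" 200 4096',
    f'203.0.113.9 - - {_TS} "GET /index.php?imgname=../sample.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: imgname={value!r}")
```

A hit with a 200 response status is worth following up first, since it indicates the server returned content for a traversal request.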

Added: Jun 9, 2026, 2:05 PM
Updated: Jun 9, 2026, 2:05 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 9.3
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.