CVE-2016-20082
MEDIUMWordPress Plugin Abtest Local File Inclusion via abtest_admin.php
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2016-20082. PoCs published by CrashBandicot.
AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in the WordPress Abtest plugin. The vulnerable code in 'abtest_admin.php' directly includes a file based on the 'action' parameter without proper sanitization, allowing an attacker to include arbitrary local files.
Description
WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code.
Exploits (1)
This exploit demonstrates a Local File Inclusion (LFI) vulnerability in the WordPress Abtest plugin. The vulnerable code in 'abtest_admin.php' directly includes a file based on the 'action' parameter without proper sanitization, allowing an attacker to include arbitrary local files.
References (3)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N