Remote File Inclusion Vulnerability in WordTube Plugin by WordPress

CVE-2007-2482

Summary

The directory traversal vulnerability in the WordTube plugin (versions 1.43 and earlier) for WordPress allows attackers to exploit the wpPATH parameter when register_globals is enabled. By sending a specially crafted request containing the '..' directory traversal sequence, malicious users can include and execute arbitrary local files on the server. This poses a significant security risk, enabling unauthorized access to sensitive information or even complete server control.

References