Path Traversal Vulnerability Affects Unite Gallery Lite
CVE-2023-33310

6MEDIUM

Key Information:

Vendor: WordPress
Status: Unite Gallery Lite
Vendor: CVE Published:; 17 May 2024

Summary

A vulnerability exists in Valiano Unite Gallery Lite due to improper limitation of a pathname to a restricted directory, allowing for PHP Local File Inclusion (LFI). This flaw enables an attacker to potentially access sensitive files on the server or execute arbitrary PHP code through crafted input. Affected versions, including all releases up to and including 1.7.59, require immediate attention to protect against this type of path traversal attack, ensuring the integrity and confidentiality of hosted websites.

Affected Version(s)

Unite Gallery Lite <= 1.7.59

References

https://patchstack.com/database/vulnerability/unite-galle...

vdb-entry

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
May 22, 2023

Credit

yuyudhn (Patchstack Alliance)