cvedb.io
CVE-2023-1427
MEDIUM · CVSS 4.9
EPSS exploitation probability: 0%
Published 2023-04-17T13:15:38.440 · Last modified 2026-06-17T05:27:56.187

Summary

- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.

Affected products

10web — photo_gallery

Does this affect you?

Add your gear to cvedb and we'll alert you only when 10web ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.