Wechat Broadcast <= 1.2.0 – Local/Remote File Inclusion

September 24, 2018
This bug was found in the file:

/wechat-broadcast/wechat/Image.php

echo file_get_contents(isset($_GET["url"]) ? $_GET["url"] : '');

The "url" parameter is passed to file_get_contents() without being sanitized,
allowing local or remote files to be included.

To exploit the vulnerability, it is only necessary to use version 1.0 of the
HTTP protocol when interacting with the application.
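
A hardened form of the Image.php line above, added here as an example; it is not the plugin's code or its vendor's fix. It assumes the endpoint only needs to proxy images from a fixed set of HTTPS hosts; the function name, the allowlist entry and the size limit are hypothetical.

```php
<?php
// Added example. ASSUMPTION: Image.php only has to relay images from known
// HTTPS hosts. ALLOWED_HOSTS holds a constructed placeholder, not a real host.
const ALLOWED_HOSTS = ['images.example.com'];
const MAX_BYTES     = 5 * 1024 * 1024;
const ALLOWED_MIME  = ['image/jpeg', 'image/png', 'image/gif'];

// Returns [mime, body] for an allowed image, or null when the request is rejected.
function fetch_allowed_image(string $url): ?array
{
    $parts = parse_url($url);
    // Only absolute https:// URLs pass. Local paths and stream wrappers
    // (file://, php://, ...) have no "https" scheme and are rejected here.
    if ($parts === false || strtolower($parts['scheme'] ?? '') !== 'https') {
        return null;
    }
    // No embedded credentials or explicit ports; host must match exactly.
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return null;
    }
    if (!in_array(strtolower($parts['host'] ?? ''), ALLOWED_HOSTS, true)) {
        return null;
    }
    // Do not follow redirects, so an allowed host cannot bounce the request
    // to an internal or unlisted one. Cap the time and the bytes read.
    $ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
    $body = @file_get_contents($url, false, $ctx, 0, MAX_BYTES);
    if ($body === false) {
        return null;
    }
    // Decide the type from the bytes themselves (fileinfo extension),
    // not from the URL or the upstream headers.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($body);
    return in_array($mime, ALLOWED_MIME, true) ? [$mime, $body] : null;
}

$url = $_GET['url'] ?? '';
$result = fetch_allowed_image(is_string($url) ? $url : '');
if ($result === null) {
    http_response_code(400);
    exit;
}
header('Content-Type: ' . $result[0]);
header('X-Content-Type-Options: nosniff');
echo $result[1];
```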
