CVE-2016-20077 | KaymeePhotography Photocart Link 1.6 on WordPress Configuration Data decode.php ID filename control (Exploit 39623 / EDB-39623)

A vulnerability, which was classified as problematic, was found in KaymeePhotography Photocart Link 1.6 on WordPress. The affected element is an unknown function of the file decode.php of the component Configuration Data Handler. Such manipulation of the argument ID leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’). This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is traded as CVE-2016-20077. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2016-20077 | KaymeePhotography Photocart Link 1.6 on WordPress Configuration Data decode.php ID filename control (Exploit 39623 / EDB-39623)

Post correlati

CVE-2024-0341 | Inis up to 2.0.1 GET Request File.php path path traversal

CVE-2025-15445 | Restaurant Cafeteria Plugin up to 0.4.6 on WordPress Setting authorization

CVE-2024-0491 | Huaxia ERP up to 3.1 UserController.java password recovery

CVE-2024-12312 | Print Science Designer Plugin up to 1.3.152 on WordPress code injection