CVE-2021-24970

CVE-2021-24970: All-In-One-Gallery < 2.5.0 - Admin+ Local File Inclusion

Vendor Unknown
Product All-in-One Video Gallery
Weakness CWE-22 · Path traversal
Published December 13, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue

Key dates

02Disclosure timeline

December 13, 2021 CVE published
August 3, 2024 Record updated