Detections
Analytics

CVE-2016-20078

high

Description

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like wp-config.php containing database credentials and configuration data.

References

https://www.vulncheck.com/advisories/wordpress-imdb-profile-widget-local-file-inclusion-via-pic-php

https://www.exploit-db.com/exploits/39621

https://wordpress.org/plugins/imdb-widget/

Details

Source: Mitre, NVD

Published: 2026-06-15

Updated: 2026-06-15

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High