MEDIUM
Henrique Dias
CVE published 2026-06-15
CVE-2016-20078
CVE-2016-20078 is a local file inclusion vulnerability in WordPress IMDb Profile Widget version 1.0.8. This vulnerability allows unauthenticated attackers to read arbitrary files by manipulating the URL parameter in GET requests to `pic.php`. Attackers can supply directory traversal sequences to access sensitive files, such as `wp-config.php`, which contains database credentials and configuration data.