MEDIUM
jamie
CVE published 2026-06-15
CVE-2016-20079
CVE-2016-20079 is a local file inclusion vulnerability in WordPress Dharma Booking 2.28.3 and earlier. This vulnerability allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter in proccess.php. Attackers can supply file paths with directory traversal sequences or null byte injection to read sensitive files like configuration and system files.