PatchSiren

KaymeePhotography CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM KaymeePhotography CVE published 2026-06-15

CVE-2016-20077

CVE-2016-20077 is a local file inclusion vulnerability in WordPress Plugin Photocart Link 1.6. The vulnerability allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoint to retrieve sensitive files like wp-config.php containing database credentials and [truncated]