Description
Acunetix uploaded a ZIP file containing a symlink to /etc/passwd. It looks like that web application processed this file and returned the contents of /etc/passwd in response.
Remediation
The web application should filter symlinks included inside ZIP files.
References
Related Vulnerabilities
WordPress Plugin MapSVG Lite Arbitrary File Upload (4.2.4)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5730)
YOURLS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3824)
WordPress Plugin Estatik Real Estate Arbitrary File Upload (2.3.0)