header-logo
Suggest Exploit
vendor:
Image Manager Plugin
by:
Zombie KroNickq and All 1923Turk.biz Members
7.5
CVSS
HIGH
Shell Upload
434
CWE
Product Name: Image Manager Plugin
Affected Version From: No Version
Affected Version To: All WordPress Systems
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

WordPress Image Manager Plugins Shell Upload Vulnerability

A vulnerability exists in the Image Manager plugin for WordPress, which allows an attacker to upload a malicious shell to the /demo_images/ directory. This can be done by accessing the /plugins/ImageManager/manager.php page and uploading a GIF89a shell.

Mitigation:

Ensure that the Image Manager plugin is up to date and that all users have strong passwords.
Source

Exploit-DB raw data:

# Exploit Title: Wordpress Image Manager Plugins Shell Upload Vulnerability

# Version: No Version All WordPress Systems

# Thanks ; Zombie KroNickq and All 1923Turk.biz Members
# Special Thanks ; Cyb3rking

Dork: inurl:"/plugins/ImageManager/manager.php"

/plugins/ImageManager/manager.php

Your Shell Top

GIF89a;
<?
-----
?>

And Upload Your Shell. Your Shell Go To /demo_images/

Navigation

Suggest Exploit

Services By CQR