WordPress Wp-FileManager Plugin File Download Vulnerability Network Vulnerability

Summary

This host is running WordPress with wp-FileManager plugin and is prone to file download vulnerability.

Impact

Successful exploitation will allow remote attackers to download and read arbitrary files on the affected application. Impact Level: Application

Solution

Upgrade to version 1.4.0 or later, For updates refer to http://wordpress.org/extend/plugins/wp-filemanager

Insight

The input passed via 'path' parameter to 'wordpress/wp-content/plugins/wp-filemanager/incl/libfile.php' script is not properly validating '../'(dot dot) sequences before being returned to the user.

Affected

Wordpress wp-FileManager Plugin before 1.4.0

References

http://security4you.net/blog/wordpress-wp-filemanager-local-file-download-vulnerability
http://wordpress.org/extend/plugins/wp-filemanager/changelog
http://www.securelist.com/en/advisories/53421

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
3Com NBX VoIP NetSet Detection
AN Guestbook Local File Inclusion Vulnerability
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability

WordPress wp-FileManager Plugin File Download Vulnerability

Take action and discover your vulnerabilities