CVE-2020-25213
The File Manager wp-file-manager plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or mkfile and p...
VulnCheck KEV: CVE-2020-25213
WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site...
WordPress File Manager Plugin < 6.9 RCE Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...
Arbitrary Code Execution
concrete5/concrete5 is vulnerable to arbitrary code execution. The vulnerability exists as the File Manager does not restrict file types, such as .php files, which may be executed when loaded...
CVE-2020-24986
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands...
CVE-2020-24986
Concrete5 (CMS) up to and including 8.5.2 is vulnerable to an Unrestricted Upload of a dangerous file type (e.g., .php) via the File Manager, enabling execution of arbitrary commands. Affected: Concrete5 8.5.2 and earlier. Root cause: file-type upload not sufficiently restricted. Impact: potentia...
WordPress File Manager Plugin < 6.9 Arbitrary File Upload
We noticed multiple cases where WordPress sites were breached using a 0-day in wp-file-manager, confirmed with v6.8, which was the latest version available on wordpress.org. The file lib/php/connector.minimal.php can by default be opened directly, and this file loads lib/php/elFinderConnector.class.php...
WordPress Plugin 'File Manager' 6.x < 6.9 Remote Code Execution
The WordPress application running on the remote host has a version of the 'File Manager' plugin that is 6.x prior to 6.9. It is, therefore, affected by a remote code execution vulnerability due to improper inclusion of elFinder. An unauthenticated, remote attacker can exploit this, by sending a...
A Critical Flaw Is Affecting Thousands of WordPress Sites
Hackers have been exploiting the vulnerability, which is now patched: Users should update to File Manager version 6.9 ASAP...
Unspecified Vulnerability in WordPress File Manager
WordPress is a blogging platform developed using the PHP language. A security vulnerability exists in WordPress File Manager, which can be exploited by attackers to arbitrarily upload files and remotely execute code...
File Manager 6.0-6.9 - Unauthenticated Arbitrary File Upload leading to RCE
Seravo noticed multiple cases where WordPress sites were breached using a 0-day in wp-file-manager, confirmed with v6.8, which was the latest version available on wordpress.org. The file lib/php/connector.minimal.php can by default be opened directly, and this file loads...
WordPress File Manager plugin <= 6.8 - Unauthenticated Arbitrary File Upload leading to RCE vulnerability
Unauthenticated Arbitrary File Upload leading to RCE vulnerability found by w4fz5uck5 in WordPress File Manager plugin versions <= 6.8. Solution: update the WordPress File Manager plugin to the latest available version, at least 6.9...
[SECURITY] [DLA 2352-1] php-horde-gollem security update
Debian LTS Advisory DLA-2352-1 [email protected] https://www.debian.org/lts/security/ Mike Gabriel August 29, 2020 https://wiki.debian.org/LTS Package : php-horde-gollem Version : 3.0.10-1+deb9u2 CVE ID : CVE-2017-15235 The File Manager gollem module in Horde Groupware has allowed remot...
FreeBSD : ark -- extraction outside of extraction directory (38fdf07b-e8ec-11ea-8bbe-e0d55e2a8bf9)
Albert Astals Cid reports: Overview A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction. Proof of concept For testing, an example of malicious archive can be found at dirsymlink.tar Impact Users can unwillingly...
ark -- extraction outside of extraction directory
Albert Astals Cid reports: Overview A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction. Proof of concept For testing, an example of malicious archive can be found at dirsymlink.tar Impact Users can unwillingly...
CVE-2020-24312
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fmbackups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken...
Design/Logic Flaw
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fmbackups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken...