
6 matches found

RedhatCVE
added 2025/02/05 4:53 p.m. | 23 views

CVE-2020-25213

The File Manager wp-file-manager plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or mkfile and p...

CVSS 10 | AI score 8 | EPSS 0.94411
Exploits: 13

Packet Storm
added 2023/04/03 12:0 a.m. | 393 views

WordPress File Manager 6.9 Shell Upload

!/usr/bin/env Exploit Title: WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE Date: 22-01-2023 Exploit Author: BLY Vendor Homepage: https://wpscan.com/vulnerability/10389 Version: File Manager plugin 6.0-6.9 Tested on: Debian CVE : CVE-2020-25213 import...

CVSS 10 | AI score 9.4 | EPSS 0.94411
Exploits: 13

0day.today
added 2023/04/03 12:0 a.m. | 407 views

WordPress WP-file-manager v6.9 Plugin - Unauthenticated Arbitrary File Upload Exploit

!/usr/bin/env Exploit Title: WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE Date: 22-01-2023 Exploit Author: BLY Vendor Homepage: https://wpscan.com/vulnerability/10389 Version: File Manager plugin 6.0-6.9 Tested on: Debian CVE : CVE-2020-25213 import...

CVSS 10 | AI score 9.4 | EPSS 0.94411
Exploits: 13

Exploit DB
added 2020/12/02 12:0 a.m. | 815 views

WordPress Plugin Wp-FileManager 6.8 - RCE

Exploit Title: WordPress Plugin Wp-FileManager 6.8 - RCE Date: September 4,2020 Exploit Author: Mansoor R @time4ster CVE: CVE-2020-25213 Version Affected: 6.0 to 6.8 Vendor URL: https://wordpress.org/plugins/wp-file-manager/ Patch: Upgrade to wp-file-manager 6.9 or above Tested on: wp-file-manage...

CVSS 10 | AI score 9.6 | EPSS 0.94411
Exploits: 13

Metasploit
added 2020/11/10 5:41 p.m. | 281 views

WordPress File Manager Unauthenticated Remote Code Execution

The File Manager wp-file-manager plugin from 6.0 to 6.8 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or mkfile...

CVSS 10 | AI score 9.9 | EPSS 0.94411
Exploits: 13

CVE
added 2020/09/09 12:0 a.m. | 1251 views

CVE-2020-25213

CVE-2020-25213 affects the WordPress WP-File-Manager plugin (versions 6.0–6.8; remediation to 6.9+). Root cause: renaming an unsafe elFinder connector file to .php allowed unauthenticated remote code execution via the plugin’s file-upload mechanism, enabling commands to write PHP into wp-content/...

CVSS 10 | AI score 9.8 | EPSS 0.94411
In wild | Exploits: 13 | References: 10 | Affected software: 1