Lucene search
MitreVULNRICHMENT:CVE-2020-35235HistoryDec 14, 2020 - 2:20 a.m.
CVE-2020-35235
2020-12-1402:20:27
mitre
github.com
4
cve-2020-35235
vendor/elfinder/php/connector.minimal.php
secure-file-manager plugin
wordpress
access control
authenticated user
remote code execution
unsupported product
AI Score
7.8
Confidence
Low
EPSS
0.005
Percentile
76.4%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
total
vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Related
cvelist
cvelist
CVE-2020-35235
2020-12-14 02:20:27
wpvulndb
wpvulndb
Secure File Manager < 2.8.2 - Authenticated Remote Command Execution
2020-11-23 00:00:00
nvd
nvd
CVE-2020-35235
2020-12-14 03:15:13
wpexploit
wpexploit
Secure File Manager < 2.8.2 - Authenticated Remote Command Execution
2020-11-23 00:00:00
prion
prion
Remote code execution
2020-12-14 03:15:00
cve
cve
CVE-2020-35235
2020-12-14 03:15:13
AI Score
7.8
Confidence
Low
EPSS
0.005
Percentile
76.4%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2020-35235