Download Manager < 3.1.19 - Authenticated (author+) PHP4 File Upload to RCE

Description

The wpdm_admin_upload_file AJAX action used a blacklist approach to forbid potentially dangerous files, such as PHP, from being uploaded. However, other dangerous extensions, like .php4, were not forbidden.
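
The following PHP is an added illustration, not the plugin's code: it contrasts a blacklist extension check of the kind described above with an allowlist check. The function names, both extension lists and the sample file names are constructed for the example.

```php
<?php
// Added example; function names and extension lists are hypothetical.

// Blacklist: rejects only the extensions someone remembered to list.
function blacklist_allows(string $filename): bool
{
    $blocked = ['php', 'js', 'html', 'exe']; // constructed, not the plugin's list
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $blocked, true);
}

// Allowlist: accepts only the extensions the site intends to distribute.
function allowlist_allows(string $filename): bool
{
    $allowed = ['pdf', 'zip', 'png', 'jpg', 'docx']; // constructed list
    $base = basename($filename);

    // Refuse empty names and names containing control characters or NUL bytes.
    if ($base === '' || preg_match('/[\x00-\x1f]/', $base)) {
        return false;
    }

    // Compare case-insensitively; a name without an extension is refused.
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    return $ext !== '' && in_array($ext, $allowed, true);
}

// Constructed sample names, including the .php4 case from the advisory.
$samples = ['report.pdf', 'handler.php', 'handler.php4', 'archive.ZIP', 'noextension'];

foreach ($samples as $name) {
    printf(
        "%-14s blacklist=%-6s allowlist=%s\n",
        $name,
        blacklist_allows($name) ? 'accept' : 'reject',
        allowlist_allows($name) ? 'accept' : 'reject'
    );
}
```

The blacklist accepts `handler.php4` while the allowlist rejects it. An extension allowlist is one layer; disabling script execution in the upload directory limits the impact if a check is missed.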