wpexploit | Dmitrii Ignatyev | WPEX-ID:F250226F-4A05-4D75-93C4-5444A4CE919E
Nov 20, 2023 - 12:00 a.m.

File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal

Tags: file manager, os access, vulnerability, path traversal, wordpress

AI Score: 9.4 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 19.6%)

Description

The plugin does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory. This gives access to system files and directories, even in a multisite setup, where site administrators should not be allowed to modify the site's files.

1. Go to the settings page (/wordpress/wp-admin/admin.php?page=file-manager-settings).
2. In the "Root Folder Path" setting, change the directory to /home, or use path traversal such as /var/www/html/../../../home or /var/www/html/wordpress/../../../../etc.
3. Then navigate to the plugin page (/wordpress/wp-admin/admin.php?page=file-manager#elf_l1_Lw).
4. You will be able to list the files/folders outside of the WordPress root directory.
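The defect described above is a missing containment check on the "Root Folder Path" setting: the plugin stores whatever path an administrator supplies, so both an absolute path like /home and a traversal string that resolves outside the install are accepted. The following PHP is an added example of how such a setting can be validated; it is not the File Manager plugin's code. It assumes WordPress's ABSPATH constant as the install root, and the option name fm_root_folder_path, the settings group file_manager_settings and the function names are hypothetical. The key point is that the check is made on the realpath()-resolved directory, so a value such as /var/www/html/wordpress/../../../../etc is compared by where it really points, not by its textual prefix.

```php
<?php
// Added example, not the plugin's own code.
// Assumptions: ABSPATH (WordPress install root), option name 'fm_root_folder_path'
// and settings group 'file_manager_settings' are hypothetical stand-ins.

if ( ! defined( 'ABSPATH' ) ) {
    // Allow running this file stand-alone from the CLI for testing:
    // treat the current working directory as the WordPress root.
    define( 'ABSPATH', rtrim( getcwd(), DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR );
}

/**
 * Return the canonical path of $candidate if it is the WordPress root or a
 * directory below it, otherwise null.
 *
 * realpath() collapses "..", duplicate slashes and symlinks before the
 * comparison, so traversal strings and symlinked escapes are caught.
 */
function fm_resolve_root_inside_wordpress( string $candidate ): ?string {
    $base = realpath( ABSPATH );
    $real = realpath( $candidate );
    if ( false === $base || false === $real || ! is_dir( $real ) ) {
        return null; // nonexistent path or not a directory
    }
    // Compare with a trailing separator so "/var/www/html/wordpress2"
    // is not accepted as a child of "/var/www/html/wordpress".
    $base_sep = rtrim( $base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    $real_sep = rtrim( $real, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    return 0 === strncmp( $real_sep, $base_sep, strlen( $base_sep ) ) ? $real : null;
}

/**
 * sanitize_callback for register_setting(): keep the previous value when the
 * new one resolves outside the install, and on multisite refuse changes from
 * anyone who is not a network super admin (site admins must not widen the root).
 */
function fm_sanitize_root_folder_path( $value ) {
    $previous = function_exists( 'get_option' )
        ? get_option( 'fm_root_folder_path', ABSPATH )
        : ABSPATH;

    if ( function_exists( 'is_multisite' ) && is_multisite() && ! is_super_admin() ) {
        return $previous;
    }

    $resolved = fm_resolve_root_inside_wordpress( (string) $value );
    if ( null === $resolved ) {
        if ( function_exists( 'add_settings_error' ) ) {
            add_settings_error(
                'fm_root_folder_path',
                'fm_root_outside_install',
                'Root folder must be a directory inside the WordPress installation.'
            );
        }
        return $previous;
    }
    return $resolved;
}

if ( function_exists( 'add_action' ) ) {
    // Inside WordPress: wire the sanitizer to the (hypothetical) option.
    add_action( 'admin_init', function () {
        register_setting( 'file_manager_settings', 'fm_root_folder_path', array(
            'type'              => 'string',
            'sanitize_callback' => 'fm_sanitize_root_folder_path',
        ) );
    } );
} else {
    // Stand-alone CLI demo with constructed inputs: the traversal forms from the
    // advisory resolve outside the root and are rejected; a child dir is kept.
    $wp_root = rtrim( ABSPATH, DIRECTORY_SEPARATOR );
    $inputs  = array(
        $wp_root,                               // the install root itself: accepted
        $wp_root . '/wp-content',               // accepted only if that directory exists
        '/home',                                // rejected
        $wp_root . '/../../../home',            // rejected: resolves above the root
        $wp_root . '/../../../../etc',          // rejected: resolves to /etc
    );
    foreach ( $inputs as $input ) {
        $result = fm_resolve_root_inside_wordpress( $input );
        printf( "%-45s => %s\n", $input, null === $result ? 'REJECTED' : 'OK ' . $result );
    }
}
```

Run it from inside a WordPress checkout (php this_file.php) to see each constructed input resolved and classified. Two design points carry the fix: the comparison happens after realpath(), and the rejection path returns the previously stored value rather than an empty string, so a failed update cannot silently widen the root to the filesystem root.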
