wpvulndb
Dmitrii Ignatyev
WPVDB-ID: D40C7108-BAD6-4ED3-8539-35C0F57E62CC
History: Nov 13, 2023 - 12:00 a.m.

Frontend File Manager < 22.7 - Editor+ Arbitrary File Download

2023-11-13 00:00:00
Dmitrii Ignatyev
wpscan.com
frontend file manager
vulnerability
editor+ user
arbitrary file download
wp-config.php
wordpress

AI Score: 9.7
Confidence: High
EPSS: 0.001
Percentile: 16.2%

Description

The plugin has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php.

PoC

  1. Create a new post with this shortcode: [ffmwp]
  2. Go to the new post and upload any file.
  3. After that, go to the plugin's main page for users: http://your_site/wordpress/wp-admin/edit.php?post_type=wpfm-files
  4. Click the "Edit" button.
  5. Change wpfm_dir_path and wpfm_file_url to /var/www/html/wordpress/wp-config.php
  6. Go back to the main page http://your_site/wordpress/wp-admin/edit.php?post_type=wpfm-files and click "Download".
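The root cause above is that the stored wpfm_dir_path / wpfm_file_url values are trusted at download time. The following is an added example of the defensive check a plugin should apply before streaming a file; it is not the Frontend File Manager's code, and the function name wpfm_example_resolve_download and the temporary directory tree are constructed for this illustration (a real plugin would use wp_upload_dir()['basedir'] as the root and keep its capability checks).

```php
<?php
// Added example (hypothetical, not the plugin's code): confine a stored
// download path to the uploads directory before the file is served.

/**
 * Resolve $requested against $allowed_root and return the canonical path,
 * or null when it is absolute, escapes the root, or is not a regular file.
 */
function wpfm_example_resolve_download(string $allowed_root, string $requested): ?string
{
    $root = realpath($allowed_root);
    if ($root === false) {
        return null;
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // Only relative names are accepted: an absolute path such as
    // /var/www/html/wordpress/wp-config.php is rejected outright.
    if ($requested === '' || $requested[0] === '/' || preg_match('/^[A-Za-z]:/', $requested)) {
        return null;
    }

    // realpath() collapses "..", "." and symlinks, so the prefix test is sound.
    $candidate = realpath($root . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    if (strncmp($candidate, $root, strlen($root)) !== 0) {
        return null;
    }
    return $candidate;
}

// Self-check against a constructed temporary tree: an allowed upload and a
// wp-config.php one level above the uploads root.
$tmp = sys_get_temp_dir() . '/wpfm_example_' . getmypid();
mkdir("$tmp/uploads", 0700, true);
file_put_contents("$tmp/uploads/report.pdf", 'pdf');
file_put_contents("$tmp/wp-config.php", '<?php // secret');

$ok = wpfm_example_resolve_download("$tmp/uploads", 'report.pdf') !== null
   && wpfm_example_resolve_download("$tmp/uploads", '../wp-config.php') === null
   && wpfm_example_resolve_download("$tmp/uploads", "$tmp/wp-config.php") === null;

unlink("$tmp/uploads/report.pdf"); unlink("$tmp/wp-config.php");
rmdir("$tmp/uploads"); rmdir($tmp);
exit($ok ? 0 : 1);
```

Run it with `php example.php`; a zero exit status means the in-root file resolved and both escape attempts were refused.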

