Description The plugin does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.
1. Go to settings page (/wordpress/wp-admin/admin.php?page=file-manager-settings). 2. In the βRoot Folder Pathβ setting, change directory to /home or you can use Path Traversal /var/www/html/β¦/β¦/β¦/home or /var/www/html/wordpress/β¦/β¦/β¦/β¦/etc. 3. Then navigate to the page of plugin (/wordpress/wp-admin/admin.php?page=file-manager#elf_l1_Lw). 4. You will be able to list the files/folders outside of the WordPress root directory.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 6.3 |