WordPress File Manager 6.8 Remote Code Execution

Posted by deepcore on November 11, 2020 – 7:55 pm

The WordPress File Manager (wp-file-manager) plugin versions 6.0 through 6.8 allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Rapid7 Metasploit Framework msfvenom APK Template Command Injection Anuko Time Tracker 1.19.23.5325 CSV Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

WordPress File Manager 6.8 Remote Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL