Description

WordPress Plugin Downloads Manager is prone to a vulnerability that lets attackers upload and execute arbitrary code. This issue occurs because the application fails to sufficiently sanitize user-supplied input. Successfully exploiting this issue will allow attackers to upload and execute arbitrary PHP code within the context of the webserver process. This may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Downloads Manager version 0.2 is vulnerable; other versions may also be affected.

Remediation

Update to the latest version

References

http://www.securityfocus.com/bid/30365/exploit

http://www.exploit-db.com/exploits/6127/

http://packetstormsecurity.com/files/view/68478/wordpressdm-upload.txt

Related Vulnerabilities

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3170)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Open Redirect (4.4.1)

Oracle JRE CVE-2013-2435 Vulnerability (CVE-2013-2435)

WordPress Plugin CM Download Manager Arbitrary File Upload (2.8.5)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Multiple Cross-Site Scripting Vulnerabilities (1.30)

Severity

High

Classification

CVE-2008-3362 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Unauthenticated File Upload