WordPress Wp Downloads Manager Module 'upload.php' Arbitrary File Upload Vulnerability
BID:30365
Info
| Bugtraq ID: | 30365 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-3362 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 24 2008 12:00AM |
| Updated: | May 07 2015 05:25PM |
| Credit: | SaO |
| Vulnerable: | Giulio Ganci Wp Downloads Manager 0.2 |
| Not Vulnerable: | |
Discussion
The Wp Downloads Manager module for WordPress is prone to a vulnerability that lets attackers upload and execute arbitrary code. This issue occurs because the application fails to sufficiently sanitize user-supplied input.
Successfully exploiting this issue will allow attackers to upload and execute arbitrary PHP code within the context of the webserver process. This may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Wp Downloads Manager 0.2 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers may exploit this issue through a browser.
The following exploit code is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Wp Downloads Manager Homepage (Giulio Ganci)