exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
WordPress File Manager 6.8 Remote Code Execution https://packetstormsecurity.com/files/160003/wp_file_manager_rce.rb.txt https://packetstormsecurity.com/files/160003/wp_file_manager_rce.rb.txt https://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.html Tue, 10 Nov 2020 15:04:01 GMT The WordPress File Manager (wp-file-manager) plugin versions 6.0 through 6.8 allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory.

Related Files

No related files
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close