WordPress Plugin Vulnerabilities

Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities

Description

Following the PoC you can combine the vulnerabilities to obtain PHP code execution and read sensitive file.

By default the File Manager can only be used by Administrator users, however, any user role can be configured to use it.

Proof of Concept

Affects Plugins

Plugin icon
media-file-manager
No known fix

References

CVE
CVE-2018-19040
CVE
CVE-2018-19041
CVE
CVE-2018-19042
CVE
CVE-2018-19043
Exploitdb
45809
URL
https://packetstormsecurity.com/files/#150281/

Miscellaneous

Original Researcher
boombyte
Submitter
Pasquale Turi
Verified
No
WPVDB ID
1236335e-ec15-4e43-b9c4-3ba1363e87af

Timeline

Publicly Published
2018-11-05 (about 7 years ago)
Added
2018-11-09 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Comment Rating 2.9.32 - Security Bypass Weakness & SQL Injection
Published
2019-05-06
Title
W3 Total Cache < 0.9.7.4 - Blind SSRF and RCE via phar
Published
2015-05-02
Title
Ad Inserter 1.5.2 - CSRF & XSS
Published
2024-01-17
Title
popup-builder < 4.2.6 - Admin+ SSRF & File Read
Published
2014-08-01
Title
WordPress <= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass