File Manager < 5.0.2 – Information Disclosure | CVE 2018-7204

Description

The Giribaz File Manager plugin logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If user edits wp-config.php file using this plugin, the wp-config.php contents get added to the file which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and an simple dork will find affected sites.

Proof of Concept

http://[target]/wp-content/uploads/file-manager/log.txt

Affects Plugins

file-manager

Fixed in 5.0.2

References

CVE

CVE-2018-7204

URL

http://www.giribaz.com/

URL

https://plugins.trac.wordpress.org/changeset/1823035/file-manager

Classification

Type

FPD

OWASP top 10

A6: Security Misconfiguration

CWE

CWE-209

CVSS

7.5 (high)

Miscellaneous

Submitter

Colette Chamberland

Submitter website

https://www.defiant.com

Submitter twitter

@cjchamberland

Verified

WPVDB ID

f37a3e8b-292a-4c07-8f18-9621ac160810

Timeline

Publicly Published

2018-03-02 (about 8 years ago)

Added

2018-03-02 (about 8 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2014-08-01

Title

WP Photo Album Plus - Full Path Disclosure

Published

2015-08-06

Title

MP3-jPlayer < 2.5 - Full Path Disclosure

Published

2014-08-01

Title

Imperial Fairytale - Multiple Script Direct Request Path Disclosure

Published

2014-08-01

Title

search-&-share 0.9.3 - SearchAndShare.php Direct Request Path Disclosure

Published

2014-08-01

Title

sintic_gallery - Path Disclosure