[Vulnerability Recurrence] WordPress plugin wp-file-manager arbitrary file upload vulnerability (CVE-2020-25213) - Code World

[Vulnerability Recurrence] WordPress plugin wp-file-manager arbitrary file upload vulnerability (CVE-2020-25213)

Mobile 2023-10-07 04:06:21 views: null

Article directory

Preface
statement
1. Introduction
2. Plug-in introduction
3. Vulnerability Overview
4. Scope of influence
5. Vulnerability analysis
6. Environment construction
7. Recurrence of vulnerabilities
8. Repair suggestions

Preface

There is a serious security vulnerability in the WordPress plug-in WPFileManager, which allows an attacker to arbitrarily upload files and perform remote code execution on any WordPress website where this plug-in is installed.

statement

Please do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article are the responsibility of the user himself. All adverse consequences and The author of the article is irrelevant. This article is for educational purposes only.

1. Introduction

WordPress is a blogging platform developed using PHP language. Users can set up their own website on a server that supports PHP and MySQL databases. You can also use WordPress as a content management system (CMS).

Guess you like

Origin blog.csdn.net/weixin_46944519/article/details/132898528

[Vulnerability Recurrence] WordPress plugin wp-file-manager arbitrary file upload vulnerability (CVE-2020-25213)

CVE-2018-2894 weblogic arbitrary file upload vulnerability recurrence

[vulhub vulnerability recurrence] CVE-2018-2894 Weblogic arbitrary file upload vulnerability

UFIDA KSOA ImageUpload Arbitrary File Upload Vulnerability Recurrence + Exploitation

Hongjing eHR arbitrary file upload vulnerability recurrence (0day)

Vulnerability recurrence - there is an arbitrary file reading vulnerability in the iDocview doc/upload interface (vulnerability detection script attached)

Vulnerability recurrence - UFIDA NC arbitrary file upload vulnerability (with vulnerability detection script)

Arbitrary file upload vulnerability (introduction)

[vulhub vulnerability recurrence] CVE-2016-3088 ActiveMQ arbitrary file writing vulnerability

Hikvision iVMS integrated security system arbitrary file upload vulnerability recurrence (0day)

Weblogic arbitrary file upload vulnerability (CVE-2018-2894) reproduction

UFIDA NC Arbitrary File Upload Vulnerability Reproduced

Arbitrary file upload vulnerability in UEditor .Net version

Hongjing eHR Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability in SecGate 3600 Firewall

Arbitrary file upload vulnerability mining (getshell)

[Vulnerability Recurrence] There is a recurrence of arbitrary file reading vulnerability in Panwei e-office OfficeServer2.php

Vulnerability Recurrence-Yisaitong arbitrary file reading vulnerability (with vulnerability detection script)

Vulnerability recurrence-milesight vpn arbitrary file reading vulnerability (with vulnerability detection script)

Vulnerability reproduction - Tomcat arbitrary file upload vulnerability (CVE-2017-12615)

Weblogic Vulnerability (4) CVE-2018-2894 Arbitrary File Upload Vulnerability

Vulnerability recurrence - Zhejiang University Ent customer resource management system CustomerAction.entphone; .js interface arbitrary file upload vulnerability (with vulnerability detection script)

[Vulnerability Recurrence] Smanga Unauthorized Remote Code Execution Vulnerability (CVE-2023-36076) Additional SQL Injection + Arbitrary File Reading

Arbitrary File Download Vulnerability

Vulnerability recurrence - arbitrary file reading exists in a certain interface of a friend's CRM system (with vulnerability detection script attached)

Vulnerability recurrence - Hongfan OA iorepsavexml.aspx file upload vulnerability (with vulnerability detection script)

Apache Axis2 background file upload getshell vulnerability recurrence

Arbitrary file upload vulnerability in Zhiyuan OA-ajax.do

There is an arbitrary file upload vulnerability in the comprehensive management platform of Dahua Smart Park

Hikvision iVMS integrated security system arbitrary file upload vulnerability reappears

Recommended

Ranking

error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘

Database migration between Navicat servers

Minimum number of rotation of the array: Array

balenaEtcher for mac (make a boot disk software) v1.5.67

Custom processing serialization and deserialization in jackson

Mu-en-mask system development software

Mastering Regular Expressions

Find mileage Java--

Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions

[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite

Daily

More

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)