Bugtraq: Cross-Site Request Forgery in File Manager WordPress plugin

————————————————————————

Cross-Site Request Forgery in File Manager WordPress plugin

————————————————————————

David Vaartjes, July 2016

————————————————————————

Abstract

————————————————————————

A Cross-Site Request Forgery (CSRF) vulnerability was found in the File
Manager WordPress Plugin. Among other things, this issue can be used to
upload arbitrary PHP files to the server.

————————————————————————

OVE ID

————————————————————————

OVE-20160712-0029

————————————————————————

Tested versions

————————————————————————

This issue was successfully tested on the File Manager WordPress Plugin
version 3.0.1.

————————————————————————

Fix

————————————————————————

There is currently no fix available.

————————————————————————

Details

————————————————————————

https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_file_manager_wordpress_plugin.html

————————————————————————

Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its
goal is to contribute to the security of popular, widely used OSS
projects in a fun and educational way.


Source: SecurityFocus Vulnerabilities @ March 1, 2017 at 01:02AM
