10

CVE-2008-3362

Exploit

Downloads Manager <= 0.2 - Arbitrary File Upload

Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/.
Mögliche Gegenmaßnahme
Downloads Manager: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Downloads Manager
Version *-0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 16.85% 0.967
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://securityreason.com/securityalert/4060
http://www.securityfocus.com/bid/30365
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/43987
https://www.exploit-db.com/exploits/6127
https://www.wordfence.com/threat-intel/vulnerabilities/id/9b458323-5fca-4fed-8c98-dfe69fd7a997
Third Party Advisory