2021-01-02 04:56:15 +00:00
id : CVE-2020-24312
2020-09-30 14:30:06 +00:00
info :
name : WordPress Plugin File Manager (wp-file-manager) Backup Disclosure
author : x1m_martijn
severity : high
2021-03-18 13:13:45 +00:00
description : |
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.
reference : https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/
2021-02-05 19:44:41 +00:00
tags : cve,cve2020,wordpress,backups
2020-09-30 14:30:06 +00:00
# NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-24312
# Source: https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/
# Note: Manually check content
requests :
- method : GET
path :
- '{{BaseURL}}/wp-content/uploads/wp-file-manager-pro/fm_backup/'
2021-08-10 01:43:58 +00:00
2020-09-30 14:30:06 +00:00
matchers-condition : and
matchers :
- type : status
status :
2020-09-30 14:44:12 +00:00
- 200
- type : word
words :
2021-08-10 01:43:58 +00:00
- 'Index of'
- type : word
part : header
words :
- "text/html"
negative : true
- type : word
part : body
words :
- "html>"
negative : true