返回 CVE 瀏覽器

CVE-2020-25213

Known Exploited (CISA KEV)CRITICAL

10.0

CVSS Severity Score

EPSS Score65.6630%

EPSS Percentile92.29th

Published2020年9月9日

Last Modified2025年11月7日

Vulnerability Description

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.

Affected Platforms (CPE)

📦

Filemanagerpro

File Manager

< 6.9

References & Advisories

🔗 http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.html

🔗 http://packetstormsecurity.com/files/171650/WordPress-File-Manager-6.9-Shell-Upload.html

🔗 https://github.com/w4fz5uck5/wp-file-manager-0day

🔗 https://hotforsecurity.bitdefender.com/blog/wordpress-websites-attacked-via-file-manager-plugin-vulnerability-24048.html

🔗 https://plugins.trac.wordpress.org/changeset/2373068

🔗 https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/

🔗 https://wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/

🔗 https://wordpress.org/plugins/wp-file-manager/#developers

相關漏洞威脅

CVE-2020-941210.0

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerabilit...

CVE-2020-941110.0

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerabilit...

CVE-2019-1665010.0

On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same ...

CVE-2020-636410.0

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to m...