CVE-2020-25213

National Vulnerability Database Information

Descrizione: The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.

Base Score CVSS: 10.0 (v3.1)

Il **Base Score CVSS** è un punteggio da **0 a 10** che rappresenta la gravità intrinseca di una vulnerabilità. Un punteggio più alto indica una gravità maggiore.

Riferimenti NVD

• http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/171650/WordPress-File-Manager-6.9-Shell-Upload.html
• https://github.com/w4fz5uck5/wp-file-manager-0day
• https://hotforsecurity.bitdefender.com/blog/wordpress-websites-attacked-via-file-manager-plugin-vulnerability-24048.html
• https://plugins.trac.wordpress.org/changeset/2373068
• https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/
• https://wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/
• https://wordpress.org/plugins/wp-file-manager/#developers
• https://zdnet.com/article/millions-of-wordpress-sites-are-being-probed-attacked-with-recent-plugin-bug/
• http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/171650/WordPress-File-Manager-6.9-Shell-Upload.html
• https://github.com/w4fz5uck5/wp-file-manager-0day
• https://hotforsecurity.bitdefender.com/blog/wordpress-websites-attacked-via-file-manager-plugin-vulnerability-24048.html
• https://plugins.trac.wordpress.org/changeset/2373068
• https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/
• https://wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/
• https://wordpress.org/plugins/wp-file-manager/#developers
• https://zdnet.com/article/millions-of-wordpress-sites-are-being-probed-attacked-with-recent-plugin-bug/

Exploit PoC da GitHub

• mansoorr123/wp-file-manager-CVE-2020-25213: https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8
• Aron-Tn/0day-elFinder-2020: Zero-Day Vulnerability in File Manager Plugin 6.7 ( CVE 2020-25213 )
• BLY-Coder/Python-exploit-CVE-2020-25213: Python exploit for RCE in WordPress
• kakamband/WPKiller: CVE-2020-25213 WordPress File Manager 6.7 Plugin 0day exploit
• E1tex/Python-CVE-2020-25213: Python Interactive Exploit for WP File Manager Vulnerability. The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension.