CVE-2014-8585 — Link Following in Download Manager
Severity
5.0 MEDIUM (NVD)
EPSS
0.1%
top 64.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 4
Latest update: May 13
Description
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
CVSS vector
AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9
Affected Packages: 1 package
Vulnerability Details (2)
GHSA
GHSA-482j-63pf-fmxq: Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a | 2022-05-13
CVEList
CVE-2014-8585: Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a | 2014-11-04