CVE-2016-15042
published 2024-10-16CVE-2016-15042: The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to…
PriorityP185critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
5.51%
91.8th percentile
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| najeebmedia | frontend_file_manager | < 4.0 | 4.0 |
| najeebmedia | post_front-end_form | < 1.1 | 1.1 |
| nmedia | frontend_file_manager_plugin | < 4.0 | 4.0 |
| nmedia | n-media_post_front-end_form | <= 1.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
url/wp-admin/admin-ajax.php
path/wp-content/uploads/post_files/
path/wp-content/uploads/user_uploads/
commandaction=nm_postfront_upload_file
commandaction=nm_filemanager_upload_file
- →Detect unauthenticated POST requests to /wp-admin/admin-ajax.php with multipart form-data containing the AJAX action 'nm_postfront_upload_file' — indicates exploitation of N-Media Post Front-end Form arbitrary file upload (CVE-2016-15042).
- →Detect unauthenticated POST requests to /wp-admin/admin-ajax.php with multipart form-data containing the AJAX action 'nm_filemanager_upload_file' — indicates exploitation of Frontend File Manager arbitrary file upload (CVE-2016-15042).
- →Monitor for newly created files under /wp-content/uploads/post_files/ and /wp-content/uploads/user_uploads/ — successful exploitation drops attacker-controlled files in these directories, potentially enabling remote code execution.
- →Alert on HTTP 200 responses to GET requests for files under /wp-content/uploads/user_uploads/ or /wp-content/uploads/post_files/ immediately following a POST to admin-ajax.php with nm_filemanager_upload_file or nm_postfront_upload_file actions — confirms successful arbitrary file upload.
- →The vulnerability is exploitable by unauthenticated attackers via AJAX actions with no file type validation — no session cookie or nonce is required in the exploit request. ↗
- ·Affected plugin versions: Frontend File Manager < 4.0 and N-Media Post Front-end Form < 1.1. Detections should be scoped to sites running these versions. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-98v8-mh4j-wqg7: The Frontend File Manager (versions < 4
ghsa_unreviewed·2024-10-16
CVE-2016-15042 [CRITICAL] CWE-434 GHSA-98v8-mh4j-wqg7: The Frontend File Manager (versions < 4
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
VulnCheck
Frontend File Manager and N-Media Post Front-end Form plugins for WordPress nm_filemanager_upload_file and nm_postfront_upload_file AJAX Vulnerability
vulncheck·2016·CVSS 9.8
CVE-2016-15042 [CRITICAL] Frontend File Manager and N-Media Post Front-end Form plugins for WordPress nm_filemanager_upload_file and nm_postfront_upload_file AJAX Vulnerability
Frontend File Manager and N-Media Post Front-end Form plugins for WordPress nm_filemanager_upload_file and nm_postfront_upload_file AJAX Vulnerability
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Affected: N-Media Frontend File Manager and N-Media Post Front-end Form plugins for WordPress
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or
No detection rules found.
Nuclei
WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload
nuclei·CVSS 9.8
CVE-2016-15042 [CRITICAL] WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload
WordPress Frontend File Manager "
flow: http(1) || http(2)
http:
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary{{randstr_val}}
------WebKitFormBoundary{{randstr_val}}
Content-Disposition: form-data; name="action"
nm_postfront_upload_file
------WebKitFormBoundary{{randstr_val}}
Content-Disposition: form-data; name="name"
{{filename}}
------WebKitFormBoundary{{randstr_val}}
Content-Disposition: form-data; name="file"; filename="{{filename}}"
Content-Type: application/octet-stream
{{content}}
------WebKitFormBoundary{{randstr_val}}--
- |
GET /wp-content/uploads/post_files/{{filename}} HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
name: n-media-post-frontend-upload
dsl:
- 'status_code == 200'
-
No writeups or analysis indexed.
https://wordpress.org/plugins/nmedia-user-file-uploader/#developershttps://wpscan.com/vulnerability/052f7d9a-aaff-4fb1-92b7-aeb83cc705a7https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-n-media-post-front-end-form-arbitrary-file-upload-1-0/https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-front-end-file-upload-and-manager-plugin/https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-n-media-post-front-end-form/https://www.wordfence.com/threat-intel/vulnerabilities/id/2c1e6298-f243-49a5-b1b7-52bd6a6c8858?source=cve
2024-10-16
Published
Exploited in the wild