CVE-2018-19041
published 2019-01-31CVE-2018-19041: The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
PriorityP339medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
2.63%
83.6th percentile
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| media_file_manager_project | media_file_manager | — | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CloudMe 1.11.2 - Buffer Overflow ROP (DEP_ASLR)
exploitdb·2020-09-29·CVSS 9.8
CVE-2018-6892 [CRITICAL] CloudMe 1.11.2 - Buffer Overflow ROP (DEP_ASLR)
CloudMe 1.11.2 - Buffer Overflow ROP (DEP_ASLR)
---
# Exploit Title: CloudMe 1.11.2 - Buffer Overflow ROP (DEP,ASLR)
# Exploit Author: Bobby Cooke (boku)
# CVE: CVE-2018-6892
# Date: 2020-09-29
# Vendor Homepage: https://www.cloudme.com/
# Software Link: https://www.cloudme.com/downloads/CloudMe_1112.exe
# Version: 1.11.2
# Tested On: Windows 10 (x64) - 10.0.19041 Build 19041
# Script: Python 2.7
# Notes:
# This exploit uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the
# Administrators group. A requirement of successful exploitation is the CloudMe.exe process must be
# running as adminstrator, such as when ran with 'Run as Administrator'; as this permission is required
# to create new users on the system. This exploit has been tested against multiple Wi
Exploit-DB
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
exploitdb·2018-11-12
CVE-2018-19040 WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
---
# Exploit Title: Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
# Date: 2018-05-11
# Exploit Author: Pasquale Turi (aka boombyte)
# Vendor Homepage: https://wordpress.org/plugins/media-file-manager/
# Software Link: https://wordpress.org/plugins/media-file-manager/
# Version: 1.4.2
# CVE: N/A
# Tested on: Ubuntu 18.10
# Plugin description:
# This plugin can be used for manage the uploaded file (we can rename files, see a preview,
# delete and move them to other folders under wordpress upload folder).
# This plugin can be used by administrator, author, contributor and subscriber.
# POC
# Diretory trasversal:
POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: 127.0.0.1
User-Ag
No writeups or analysis indexed.
2019-01-31
Published