CVE-2020-24312
Published 2020-08-26

Priority: P2 (62) · Severity: high · CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit: public exploit available (Nuclei template below)
EPSS: 16.33% (96.6th percentile)
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| filemanagerpro | file_manager | <= 6.4 | — |
Detection & IOCs (extracted from sources)
- Send an unauthenticated HTTP GET request to /wp-content/uploads/wp-file-manager-pro/fm_backup/ and check for a 200 response containing directory listing indicators.
- A vulnerable response will contain all three strings: 'Index of', 'wp-content/uploads/wp-file-manager-pro/fm_backup', and 'backup_' in the response body, with HTTP status 200.
- The vulnerability affects WP File Manager v6.4 and lower; the fm_backups directory lacks a .htaccess restriction, allowing unauthenticated directory browsing and file download.
CVSS provenance
- NVD, CVSS v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- NVD, CVSS v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
No detection rules found.
Nuclei
CVE-2020-24312 [HIGH] WordPress Plugin File Manager (wp-file-manager) Backup Disclosure (nuclei · CVSS 7.5)
Template (truncated in the source; only the `info` block is indexed, the description is completed from the CVE text above):

```yaml
id: CVE-2020-24312

info:
  name: WordPress Plugin File Manager (wp-file-manager) Backup Disclosure
  author: x1m_martijn
  severity: high
  description: |
    mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.
```
No writeups or analysis indexed.