WordPress wp-FileManager File Download Vulnerability

by Carol~ Moderator - 5/17/13 11:55 AM

In Reply to: VULNERABILITIES / FIXES - May 17, 2013 by Carol~ Moderator

Release Date : 2013-05-16
Last Update : 2013-05-17

Criticality level : Less critical
Impact: Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: WordPress wp-FileManager Plugin 1.x

Description:
A vulnerability has been discovered in the wp-FileManager plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information.

The application does not properly restrict access to wp-content/plugins/wp-filemanager/incl/libfile.php, which can be exploited to download arbitrary files via directory traversal sequences.

Successful exploitation of this vulnerability requires "Allow Download" enabled in the wp-FileManager plugin settings.

The vulnerability is confirmed in version 1.3.0. Prior versions may also be affected.

Solution:
Update to version 1.4.0.

Provided and/or discovered by:
ByEge

Original Advisory:
wp-FileManager:
http://wordpress.org/extend/plugins/wp-filemanager/changelog/

ByEge:
http://packetstormsecurity.com/files/121637/WordPress-wp-FileManager-File-Download.html

http://secunia.com/advisories/53421
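The weakness described above is a download handler that does not confine the requested name to its intended directory. The following is an added example, not code from the wp-FileManager plugin or from the advisory, showing the kind of containment check (plus the "Allow Download" gate) that closes this class of bug; it is written in Python rather than the plugin's PHP, and the function name, the temporary share directory and the sample files are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_download(base_dir, requested, allow_download=True):
    """Return the absolute path of a file that may be served, or None.

    Mirrors the advisory's conditions: nothing is served unless the
    'Allow Download' option is on, and the requested name must still lie
    inside base_dir after percent-decoding and path canonicalisation.
    """
    if not allow_download:
        return None
    # Decode twice so a doubly percent-encoded name cannot slip past the
    # containment check (defensive normalisation, not WordPress's own parser).
    name = unquote(unquote(requested))
    if "\x00" in name:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # commonpath (rather than startswith) also rejects prefix tricks such as
    # a sibling directory named base_dir + "_other".
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def demo():
    """Constructed layout: one file inside the share, one just outside it."""
    root = tempfile.mkdtemp()
    share = os.path.join(root, "share")
    os.mkdir(share)
    with open(os.path.join(share, "readme.txt"), "w") as fh:
        fh.write("public")
    with open(os.path.join(root, "outside.txt"), "w") as fh:
        fh.write("private")
    return {
        "plain": resolve_download(share, "readme.txt") is not None,
        "traversal": resolve_download(share, "../outside.txt") is not None,
        "encoded": resolve_download(share, "%2e%2e%2foutside.txt") is not None,
        "disabled": resolve_download(share, "readme.txt", allow_download=False) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

Only the plain in-share name resolves; the traversal, the percent-encoded traversal and the request made while downloads are disabled all return None.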