CVE-2020-24312

nvd nist nuclei

Published: Aug 26, 2020Modified: Mar 24, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.

Affected (1)

Products: Filemanagerpro: File Manager

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Filemanagerpro File Manager	Up to 6.4

Related CWEs

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (2)

https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/

Source: cve@mitre.org

ExploitThird Party AdvisoryURL Repurposed

https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryURL Repurposed

Timeline

No history available yet.