CVE-2018-19042

EPSS 10.0%

The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/45809/unverified exploitdbwww.exploit-db.com/exploits/45809unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/45809/