CVE-2020-25213
CVE-2020-25213
Em resumo
O plugin File Manager para WordPress permite que atacantes façam upload e executem código PHP malicioso no site. Um arquivo de configuração inseguro foi renomeado, permitindo que criminosos ganhem controle total do servidor.
Detalhe técnico
O conector elFinder do plugin está configurado de forma insegura, permitindo que atacantes remotos explorem os comandos de upload, mkfile e put para escrever arquivos PHP arbitrários em wp-content/plugins/wp-file-manager/lib/files/. Não há requisito de autenticação e a exploração bem-sucedida resulta em execução remota de código com privilégios do servidor web.
Resumo gerado e traduzido por IA a partir da descrição oficial.
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N
Produtos afetados
n/a · n/aPoCs públicas encontradas — 14
githubgithub.com/mansoorr123/wp-file-manager-CVE-2020-25213★ 58githubgithub.com/BLY-Coder/Python-exploit-CVE-2020-25213★ 6githubgithub.com/E1tex/Python-CVE-2020-25213★ 3githubgithub.com/kakamband/WPKiller★ 1githubgithub.com/Cmadhushanka/wordpress-rce-vapt-cve-2020-25213★ 0githubgithub.com/0000000O0Oo/Wordpress-CVE-2020-25213★ 0githubgithub.com/piruprohacking/CVE-2020-25213★ 0githubgithub.com/b1ackros337/CVE-2020-25213★ 0githubgithub.com/KienHoSD/wp-file-manager-exploit-CVE-2020-25213-with-Zerologon★ 0githubgithub.com/forse01/CVE-2020-25213-Wordpress★ 0cve_referencepacketstormsecurity.com/files/171650/WordPress-File-Manager-6.9-Shell-Upload.htmlnão verificadocve_referencepacketstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/51224não verificadoexploitdbwww.exploit-db.com/exploits/49178não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/171650/WordPress-File-Manager-6.9-Shell-Upload.htmlhttps://github.com/w4fz5uck5/wp-file-manager-0dayhttps://hotforsecurity.bitdefender.com/blog/wordpress-websites-attacked-via-file-manager-plugin-vulnerability-24048.htmlhttps://plugins.trac.wordpress.org/changeset/2373068https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/https://wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/https://wordpress.org/plugins/wp-file-manager/#developershttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-25213https://zdnet.com/article/millions-of-wordpress-sites-are-being-probed-attacked-with-recent-plugin-bug/