Exploit for #VU46202 Arbitrary file upload in File Manager

Published: 2020-10-14 | Updated: 2024-10-25

Vulnerability identifier: #VU46202

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2020-25213

CWE-ID: CWE-434

Exploitation vector: Network

Exploits in database: 11

October 25, 2024
- WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE [Exploit-DB]
December 6, 2023
- CVE-2020-25213 () [Github]
August 3, 2023
- Python-CVE-2020-25213 (Python Interactive Exploit for WP File Manager Vulnerability. The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example e [Github]
January 23, 2023
- Python-exploit-CVE-2020-25213 (Python exploit for RCE in Wordpress) [Github]
May 24, 2022
- CVE-2020-25213 () [Github]
May 11, 2022
- CVE-2020-25213-wordpress-wp-file-manager-fileupload (WordPress的文件管理器插件（wp-file-manager）6.9版本之前存在安全漏洞，该漏洞允许远程攻击者上传和执行任意PHP代码。) [Github]
March 14, 2021
- Wordpress-CVE-2020-25213 (Will write a python script for exploiting this vulnerability ) [Github]
January 18, 2021
- 0day-elFinder-2020 (Zero-Day Vulnerability in File Manager Plugin 6.7 ( CVE 2020-25213 )) [Github]
November 17, 2020
- WPKiller (CVE-2020-25213 Wordpress File Manager 6.7 Plugin 0day exploit) [Github]
November 10, 2020
- WordPress File Manager Unauthenticated Remote Code Execution [Metasploit]
October 14, 2020
- wp-file-manager-CVE-2020-25213 (https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8) [Github]

Vulnerable software:
File Manager
Web applications / Modules and components for CMS

Vendor: mndpsingh287