CVE-2008-3362 – Downloads Manager <= 0.2 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2008-3362

Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/. Vulnerabilidad de subida de ficheros sin restricción en upload.php en el módulo Giulio Ganci Wp Downloads Manager 0.2 para WordPress, permite a atacantes remotos ejecutar código de su elección subiendo un fichero de su elección con una extensión ejecutable a través del parámetro "upfile", y posteriormente accediendo a él con una petición directa al archivo en wp-content/plugins/downloads-manager/upload/. The Downloads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on files supplied via the 'upfile' parameter in versions up to, and including, 0.2. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible when accessed from the wp-content/plugins/downloads-manager/upload/ directory. • https://www.exploit-db.com/exploits/6127 http://securityreason.com/securityalert/4060 http://www.securityfocus.com/bid/30365 https://exchange.xforce.ibmcloud.com/vulnerabilities/43987 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •