CVE-2022-2431
Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision: -
Descriptions
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles() function found in the ~/Admin/Menu/Packages.php file that triggers upon download post deletion. This makes it possible for contributor level users and above to supply an arbitrary file path via the 'file[files]' parameter when creating a download post and once the user deletes the post the supplied arbitrary file will be deleted. This can be used by attackers to delete the /wp-config.php file which will reset the installation and make it possible for an attacker to achieve remote code execution on the server.
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 3.2.50. This is due to insufficient validation of the file type and path in the deleteFiles() function found in the ~/Admin/Menu/Packages.php file, which is triggered when a download post is deleted. This makes it possible for contributor-level users and above to supply an arbitrary file path via the "file[files]" parameter when creating a download post and, once the user deletes the post, the supplied arbitrary file will be deleted. This can be used by attackers to delete the /wp-config.php file, which will reset the installation and make it possible for an attacker to achieve remote code execution on the server.
WordPress Download Manager plugin versions 3.2.50 and below suffer from an arbitrary file deletion vulnerability.
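The root cause above is a file path taken from a request parameter and handed to deletion without checking where it resolves. As an added, defensive illustration (not the plugin's own code; wpdm_safe_delete() and its parameters are hypothetical), the helper below canonicalises the candidate against a fixed upload directory with realpath(), rejects anything that escapes it (including via traversal or a planted symlink), and limits deletion to an extension allow-list:

```php
<?php
// Added example, not Download Manager's own code. wpdm_safe_delete() is a
// hypothetical helper: it resolves a user-supplied file name against a fixed
// upload directory and refuses to unlink anything that lands outside it.

function wpdm_safe_delete(string $uploadDir, string $requested, array $allowedExt = ['zip', 'pdf']): bool
{
    // Canonicalise the base directory once (resolves symlinks, strips "..").
    $base = realpath($uploadDir);
    if ($base === false) {
        return false;
    }
    // A bare file name is expected; any path component is rejected outright.
    if ($requested === '' || $requested !== basename($requested)) {
        return false;
    }
    // realpath() follows symlinks, so a link placed inside the upload
    // directory that points elsewhere resolves to its real target.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return false;
    }
    // Containment check with a trailing separator so "/uploads2" does not
    // pass as a child of "/uploads".
    if (strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    // Extension allow-list: deletion is limited to package file types.
    $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return false;
    }
    return unlink($target);
}

// Constructed demo: a throwaway upload directory holding one package, with a
// decoy "wp-config.php" one level up that must survive every call.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'wpdm_demo_' . uniqid();
mkdir($root . '/uploads', 0700, true);
file_put_contents($root . '/wp-config.php', '<?php // decoy');
file_put_contents($root . '/uploads/package.zip', 'PK');

var_dump(wpdm_safe_delete($root . '/uploads', '../wp-config.php'));
var_dump(wpdm_safe_delete($root . '/uploads', 'package.zip'));
var_dump(file_exists($root . '/wp-config.php'));
```

The first call is refused, the second removes the package, and the decoy config file is still present afterwards.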
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-07-15 CVE Reserved
- 2022-07-27 CVE Published
- 2024-06-25 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-73: External Control of File Name or Path
- CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CAPEC
References (3)
URL | Tag | Date
---|---|---
https://packetstormsecurity.com/files/167920/wpdownloadmanager3250-filedelete.txt | Third Party Advisory |
https://www.wordfence.com/blog/2022/08/high-severity-vulnerability-patched-in-download-manager-plugin | | 2024-08-03
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Wpdownloadmanager | Wordpress Download Manager | <= 3.2.50 | wordpress | Affected