WordPress Plugin Wpfilemanager 6.8 RCE
Impact: High
Description
OS Command Execution, also known as Command Injection, is a severe vulnerability that allows attackers to execute arbitrary commands on the host operating system. Attackers exploit this vulnerability by injecting malicious commands through forms, cookies, or HTTP headers. These commands run with the privileges of the vulnerable application, leading to unauthorized access, data theft, and system compromise.
Recommendation
Update or remove the affected plugin.
References
- CVE-2020-25213
- CWE-20
- CWE-78
- OWASP 2021-A3
- OWASP 2021-A6
- OWASP: Command Injection
- WordPress
- WordPress: File Manager
Last updated on May 13, 2024