Vigil@nce - WordPress WP-Filebase Download Manager: code execution via Admin.php
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the Admin.php script of the WordPress WP-Filebase
Download Manager plugin to execute code.
Impacted products: WordPress Plugins
Severity: 2/4
Creation date: 21/03/2014
DESCRIPTION OF THE VULNERABILITY
The WP-Filebase Download Manager plugin can be installed on
WordPress.
However, an authenticated attacker can use the classes/Admin.php
script to inject shell commands.
An attacker can therefore use the Admin.php script of the WordPress
WP-Filebase Download Manager plugin to execute code.