Exploit for #VU46202 Arbitrary file upload in File Manager

Published: 2020-10-14 | Updated: 2023-12-06

Vulnerability identifier: #VU46202

Vulnerability risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-25213

CWE-ID: CWE-434

Exploitation vector: Network

Exploits in database: 10

December 6, 2023
- CVE-2020-25213 () [Github]
August 3, 2023
- Python-CVE-2020-25213 (Python Interactive Exploit for WP File Manager Vulnerability. The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example e [Github]
January 23, 2023
- Python-exploit-CVE-2020-25213 (Python exploit for RCE in Wordpress) [Github]
May 24, 2022
- CVE-2020-25213 () [Github]
May 11, 2022
- CVE-2020-25213-wordpress-wp-file-manager-fileupload (WordPress的文件管理器插件（wp-file-manager）6.9版本之前存在安全漏洞，该漏洞允许远程攻击者上传和执行任意PHP代码。) [Github]
March 14, 2021
- Wordpress-CVE-2020-25213 (Will write a python script for exploiting this vulnerability ) [Github]
January 18, 2021
- 0day-elFinder-2020 (Zero-Day Vulnerability in File Manager Plugin 6.7 ( CVE 2020-25213 )) [Github]
November 17, 2020
- WPKiller (CVE-2020-25213 Wordpress File Manager 6.7 Plugin 0day exploit) [Github]
November 10, 2020
- WordPress File Manager Unauthenticated Remote Code Execution [Metasploit]
October 14, 2020
- wp-file-manager-CVE-2020-25213 (https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8) [Github]

Impact: Code execution

Vulnerable software:
File Manager
Web applications / Modules and components for CMS

Vendor: mndpsingh287