SB2019071028 - SQL injection in mndpsingh287 File Manager for WordPress

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019071028

SB2019071028 - SQL injection in mndpsingh287 File Manager for WordPress

Published: July 10, 2019 Updated: July 27, 2019

Security Bulletin ID SB2019071028
Severity
High
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) SQL injection (CVE-ID: N/A)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to not checking the authentication of the user properly in the wp_ajax_* action calls. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to backup download, backup deletion and backup restoration in the backup feature of the plugin.

The following registered wp_ajax_* hooks are vulnerable: mk_file_manager_backup_remove_callback, mk_file_manager_single_backup_remove_callback, mk_file_manager_single_backup_logs_callback and mk_file_manager_single_backup_restore_callback.


Remediation

Install update from vendor's website.

References