ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Download Manager Plugin <= 0.2 - Arbitrary File Upload

Product
Download Manager
Description
Because of this vulnerability in upload.php, the attackers can execute arbitrary code by uploading a file with an executable extension via the "upfile" parameter.
Solution
Update the plugin.
Classification
Type Arbitrary File Upload
References
CVE Mitre
CVE
Name CVE-2008-3362
Versions
Affected In <= 0.2
Fixed In 0.3
Disclosure date
2008-07-30
Credits
SaO