ThreatPress

WordPress Vulnerabilities Database

WordPress Miwo FTP Plugin 1.0.5 - CSRF Arbitrary File Deletion Exploit

Product
Miwo FTP
Description
The Miwo FTP plugin's "post" parameter is prone to a CSRF arbitrary file deletion vulnerability. Because the "seselitems[]" parameter is not properly sanitised, files can be deleted with the permissions of the web server.
Solution
Update the plugin.
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
Exploit-DB
CVE
Name: CVE-N/A
Versions
Affected In: <= 1.0.5
Fixed In: 1.0.6
Disclosure date
2015-04-14
Credits
LiquidWorm