• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

WordPress Wp Downloads Manager Module 'upload.php' Arbitrary File Upload Vulnerability

The Wp Downloads Manager module for WordPress is prone to a vulnerability that lets attackers upload and execute arbitrary code. This issue occurs because the application fails to sufficiently sanitize user-supplied input.

Successfully exploiting this issue will allow attackers to upload and execute arbitrary PHP code within the context of the webserver process. This may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Wp Downloads Manager 0.2 is vulnerable; other versions may also be affected.