mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-26T12:47:53

Updated: 2024-08-04T15:12:08.333Z

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-24312

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-08-26T13:15:10.860

Modified: 2024-11-21T05:14:35.103

Link: CVE-2020-24312

cve-icon Redhat

No data.