CVE-2016-15042

CRITICAL9.8

Public PoC

Description

The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

nmedia / Frontend File Manager Plugin0 – 4.0
nmedia / N-Media Post Front-end Form0 – 1.0

Exploits & PoCs

nucleiWordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Uploadby jsnv-dev

References

MISChttps://www.wordfence.com/threat-intel/vulnerabilities/id/2c1e6298-f243-49a5-b1b7-52bd6a6c8858?source=cve
MISChttps://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-front-end-file-upload-and-manager-plugin/
MISChttps://wordpress.org/plugins/nmedia-user-file-uploader/#developers
MISChttps://wpscan.com/vulnerability/052f7d9a-aaff-4fb1-92b7-aeb83cc705a7
MISChttps://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-n-media-post-front-end-form/
MISChttps://www.acunetix.com/vulnerabilities/web/wordpress-plugin-n-media-post-front-end-form-arbitrary-file-upload-1-0/