CVE-2018-7204
Published: Mar 7, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://wordpress.org/plugins/file-manager/#developers (x_refsource_CONFIRM)
https://wpvulndb.com/vulnerabilities/9036 (x_refsource_MISC)
https://plugins.trac.wordpress.org/changeset/1823035/file-manager (x_refsource_CONFIRM)