.htaccess could be worked around by combining this with a local file inclusion (LFI) vulnerability to load the file indirectly, or with a vulnerability that allows deleting files, which could be used to delete the .htaccess file that restricts access to the files. Having to be logged in as an Author-level user or above limits the threat of this vulnerability, and it is further limited by the fact that the directory the files uploaded by the plugin are stored in, /wp-content/uploads/download-manager-files/, contains a.

check_ajax_referer('wpdm_admin_upload_file');
if (!current_user_can('upload_files')) die('-2');
if (file_exists(UPLOAD_DIR.