VYPR
Unrated severityNVD Advisory· Published Jul 7, 2021· Updated Aug 4, 2024

CVE-2020-24141

CVE-2020-24141

Description

Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute command on services

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.