Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress Giribaz File Manager插件安全漏洞
Vulnerability Description
WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台,该平台支持在PHP和MySQL的服务器上架设个人博客网站。Giribaz File Manager plugin是使用在其中的一个文件管理插件。 WordPress Giribaz File Manager插件5.0.2之前版本中的inc/logger.php文件存在安全漏洞,该漏洞源于程序没有保护添加到log.txt文档的wp-config.php内容。攻击者可利用该漏洞获取敏感信息(例如:数据库凭证)。
CVSS Information
N/A
Vulnerability Type
N/A