CVE-2020-24144
Description
Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder.
Vulnerability Type
Directory Traversal
Vendor of Product
Sherif Mesallam
Affected Product Code Base
Wordpress Plugin - media-file-organizer - 1.0.1
Attack Type
Remote
Impact Information Disclosure
true
Reference
- https://ru.wordpress.org/plugins/media-file-organizer/
- https://github.com/secwx/research/blob/main/cve/CVE-2020-24144.md
Has vendor confirmed or acknowledged the vulnerability?
true
Discoverer
Suzhou Aurora Infinity Information Technology Co., Ltd.