CVE-2020-24146
Description
Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service.
VulnerabilityType Other
Path manipulation vulnerability
Vendor of Product
CreativeMindsSolutions
Affected Product Code Base
Wordpress Plugin: cm-download-manager - 2.7.0
Attack Type
Remote
Impact Denial of Service
true
Reference
- https://wordpress.org/plugins/cm-download-manager/#developers
- https://github.com/secwx/research/blob/main/cve/CVE-2020-24146.md
Has vendor confirmed or acknowledged the vulnerability?
true
Discoverer
Suzhou Aurora Infinity Information Technology Co., Ltd.