Vulnerabilities > CVE-2020-24141 - Server-Side Request Forgery (SSRF) vulnerability in Wp-Downloadmanager Project Wp-Downloadmanager 1.68.4

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
wp-downloadmanager-project
CWE-918

Summary

Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute command on services

Vulnerable Configurations

Part Description Count
Application
Wp-Downloadmanager_Project
1

Common Weakness Enumeration (CWE)