I've found a vulnerability that afflict the Ajax File Manager plugin. The vulnerable code is located in /admin/editor/plugins/ajaxfilemanager/ajax_create_folder.php
- Code: Select all
The writeInfo() function simply write all the $_POST content into a file called 'data.php' so an attacker could be able to execute arbitrary PHP code.
I suggest to comment out the entire line 13 otherwise you could change 'data.php' with 'data.txt' into /admin/editor/plugins/ajaxfilemanager/inc/function.base.php