Advanced Access Manager < 5.9.9 - Arbitrary File Access/Download
Description
Advanced Access Manager before version 5.9.9 serves arbitrary files without checking whether the requesting user is allowed to read the given file. An attacker can therefore download wp-config.php and obtain the database credentials it contains; on many servers the database is reachable from the internet, so those credentials give direct access to it.
Proof of Concept
example.com/?aam-media=wp-config.php
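The following is an added defender-side example, not code from the Advanced Access Manager plugin or from this database entry. It does two things: it scans web-server access logs for requests that use the plugin's aam-media parameter (the one shown in the proof of concept) to fetch something other than an ordinary media file, and it shows the kind of path check a file-serving handler needs so that such requests are refused. The log lines are constructed sample data, the Combined Log Format layout and the list of "expected" media extensions are assumptions, and is_safe_media_path is an illustration of the general technique, not the fix the plugin actually shipped in 5.9.9.

```python
"""Detection of suspicious aam-media requests in access logs, plus an example of
the path confinement check a media-serving endpoint should perform.
Added example; not the plugin's code. Sample log lines are constructed."""
import os
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx Combined Log Format (assumed): ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# File types a media-proxy endpoint is expected to serve (assumed list); anything else is suspect.
MEDIA_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".webp", ".svg", ".pdf", ".mp4", ".mp3"}


def aam_media_value(target: str) -> Optional[str]:
    """Return the decoded aam-media query value from a request target, or None if absent."""
    values = parse_qs(urlsplit(target).query).get("aam-media")
    if not values:
        return None
    # parse_qs already decodes once; a second unquote catches double-encoded traversal (%252e%252e).
    return unquote(values[0])


def classify(value: str) -> Optional[str]:
    """Return a reason if the requested file looks like an arbitrary-file read, else None."""
    normalized = value.replace("\\", "/")
    if ".." in normalized.split("/"):
        return "path traversal"
    if os.path.basename(normalized).lower() == "wp-config.php":
        return "wp-config.php requested"
    ext = os.path.splitext(normalized)[1].lower()
    if ext not in MEDIA_EXTENSIONS:
        return f"non-media file type {ext or '(none)'}"
    return None


def scan_log(lines: List[str]) -> List[Tuple[str, int, str, str]]:
    """Return (client_ip, status, aam-media value, reason) for every suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        value = aam_media_value(m.group("target"))
        if value is None:
            continue
        reason = classify(value)
        if reason:
            findings.append((m.group("ip"), int(m.group("status")), value, reason))
    return findings


def is_safe_media_path(requested: str, media_root: str) -> bool:
    """The check a file-serving handler should make before opening a file: the resolved
    path must stay inside media_root and must carry an allowed media extension.
    Illustrative only; not the plugin's own fix."""
    root = os.path.realpath(media_root)
    full = os.path.realpath(os.path.join(root, requested.lstrip("/\\")))
    if os.path.commonpath([root, full]) != root:
        return False  # escaped the media directory (e.g. via ../ or an absolute path)
    return os.path.splitext(full)[1].lower() in MEDIA_EXTENSIONS


# Constructed sample traffic: one legitimate image fetch, two abusive reads, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Sep/2019:10:01:02 +0000] "GET /?aam-media=2019/09/logo.png HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Sep/2019:10:01:09 +0000] "GET /?aam-media=wp-config.php HTTP/1.1" 200 2890',
    '203.0.113.7 - - [05/Sep/2019:10:01:15 +0000] "GET /?aam-media=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1400',
    '198.51.100.9 - - [05/Sep/2019:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3100',
]

if __name__ == "__main__":
    for ip, status, value, reason in scan_log(SAMPLE_LOG):
        print(f"{ip} status={status} aam-media={value!r}: {reason}")
    print("safe:", is_safe_media_path("2019/09/logo.png", "/var/www/uploads"))
    print("safe:", is_safe_media_path("../wp-config.php", "/var/www/uploads"))
```

A status of 200 on a flagged line means the file was actually served, so on an unpatched site the wp-config.php hit above should be treated as a credential disclosure and the database password rotated; after updating to 5.9.9 the same requests should no longer return 200. The confinement check resolves symlinks with realpath before comparing, because a lexical prefix comparison on the raw string can be bypassed by a symlink inside the media directory.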

Affects Plugin

fixed in version 5.9.9

Classification

Type BYPASS

Miscellaneous

Original Researcher Props to Ov3rfly
Submitter Daniel Winzen
Submitter Website https://danwin1210.me
Views 3295
Verified No
WPVDB ID 9873

Timeline

Publicly Published 2019-09-05 (2 months ago)
Added 2019-09-09 (2 months ago)
Last Updated 2019-09-09 (2 months ago)
