'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

web_app:wordpress_download_manager_3.3.06_unauthorized_access_vul(Rule ID:1070210474)

Release Date2025/9/15

Rule NameCVE-2024-13126:WordPress Plugin Download Manager 3.3.06 Unauthorized Access Vulnerability

Severity:mid

CVE IDCVE-2024-13126

 

Descripiton

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. This platform supports the setup of personal blog websites on servers running PHP and MySQL. A WordPress plugin is an application plugin. Versions of the WordPress plugin Download Manager prior to 3.3.07 have a security vulnerability. This vulnerability stems from not blocking directory listings on web servers that do not use .htaccess, which may lead to unauthorized file access. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.