Revived Wire Media’s PHP File Manager got some issues…
Sijmen Ruwhof, who also analysed the malware spread through NU.nl back in 2012, found some serious security vulnerabilities in a PHP web application called “PHP File Manager”. One, among others, is a backdoor for Revived Wire Media to use. How sick is that?! Another vulnerability makes it easy to download confidential files.
To quote Sijmen:
In July 2010 I was looking for a web based file manager that I could use on my own web server. After some research I found the PHP File Manager from Revived Wire Media. A basic, but good looking web based file manager for just $ 5. I bought it and installed it on a test server to see how it worked and if it was safe.
After looking at it, I did some shocking findings which I’ll disclose in this article. This commercial off the shelf software product contains several critical security vulnerabilities that can be easily unauthenticated remotely exploited. On top of that, it even includes a poorly secured backdoor, leaving this web based file manager completely open.
Read the full disclosure here:
Full disclosure: multiple critical security vulnerabilities (including a backdoor!) in PHP File Manager