CVE-2022-3076

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.
References
Link Resource
https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd Exploit Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cminds:cm_download_manager:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2022-09-26 13:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-3076

Mitre link : CVE-2022-3076

CVE.ORG link : CVE-2022-3076


JSON object : View

Products Affected

cminds

  • cm_download_manager
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type