The CM Download Manager WordPress plugin before 2.8.6 allows high-privilege users such as admins to upload arbitrary files by setting any extension via the plugin's settings, which admins of a multisite blog could use to upload PHP files, for example.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd | Exploit, Patch, Third Party Advisory |
History
No history.
Information
Published : 2022-09-26 13:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-3076
Mitre link : CVE-2022-3076
CVE.ORG link : CVE-2022-3076
Products Affected
cminds
- cm_download_manager
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type