CVE-2022-3124

{"id": "CVE-2022-3124", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-10-03T14:15:19.833", "references": [{"url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server"}, {"lang": "es", "value": "El plugin Frontend File Manager de WordPress versiones anteriores a 21.3, permite a cualquier usuario no autenticado renombrar los archivos descargados por los usuarios. Adem\u00e1s, debido a una falta de comprobaci\u00f3n en el nombre de archivo de destino, esto podr\u00eda permitirles cambiar el contenido de archivos arbitrarios en el servidor web"}], "lastModified": "2022-10-04T20:42:58.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:najeebmedia:frontend_file_manager:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "03C2E48E-760E-441B-8004-2A4654D4163B", "versionEndExcluding": "21.3"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}