The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608 - Exploit, Third Party Advisory |
Information
Published : 2022-10-03 14:15
Updated : 2024-11-21 07:18
NVD link : CVE-2022-3124
Mitre link : CVE-2022-3124
CVE.ORG link : CVE-2022-3124
JSON object : View
Products Affected
najeebmedia
- frontend_file_manager
CWE
CWE-862
Missing Authorization