The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/f250226f-4a05-4d75-93c4-5444a4ce919e | Exploit Third Party Advisory |
Configurations
History
13 Dec 2023, 19:55
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-11 20:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-5907
Mitre link : CVE-2023-5907
CVE.ORG link : CVE-2023-5907
JSON object : View
Products Affected
bitapps
- file_manager
CWE
CWE-552
Files or Directories Accessible to External Parties