CVE-2023-5907

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:bitapps:file_manager:*:*:*:*:*:wordpress:*:*

History

13 Dec 2023, 19:55

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-11 20:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-5907

Mitre link : CVE-2023-5907

CVE.ORG link : CVE-2023-5907


JSON object : View

Products Affected

bitapps

  • file_manager
CWE
CWE-552

Files or Directories Accessible to External Parties