The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions.
References
Configurations
History
11 Sep 2024, 16:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:bitapps:file_manager:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-362 | |
First Time |
Bitapps
Bitapps file Manager |
|
References | () https://plugins.trac.wordpress.org/browser/file-manager/trunk/backend/app/Providers/FileEditValidator.php#L39 - Product | |
References | () https://plugins.trac.wordpress.org/browser/file-manager/trunk/backend/app/Providers/FileEditValidator.php#L88 - Product | |
References | () https://plugins.trac.wordpress.org/changeset/3138710/ - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/5f29de7a-3f15-4b6d-aad7-6a08151e2113?source=cve - Third Party Advisory |
05 Sep 2024, 12:53
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
05 Sep 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-05 03:15
Updated : 2024-09-11 16:31
NVD link : CVE-2024-7627
Mitre link : CVE-2024-7627
CVE.ORG link : CVE-2024-7627
JSON object : View
Products Affected
bitapps
- file_manager