Описание
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution.
Уязвимые конфигурации
Конфигурация 1Версия до 3.0 (включая)
cpe:2.3:a:filemanagerpro:file_manager:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 82%
0.01701
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 9.8
github
больше 1 года назад
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution.
EPSS
Процентиль: 82%
0.01701
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-862