exploitDog

CVE-2022-3076

Опубликовано: 26 сент. 2022

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.

Ссылки

https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd
Exploit
Patch
Third Party Advisory
https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cminds:cm_download_manager:*:*:*:*:*:wordpress:*:*

Версия до 2.8.6 (исключая)

EPSS

Процентиль: 74%

0.00811

Низкий

7.2 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-9q5w-5rhq-cpgp

CVSS3: 7.2

github

больше 3 лет назад

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.

EPSS

Процентиль: 74%

0.00811

Низкий

7.2 High

CVSS3

Дефекты

CWE-434