exploitDog

CVE-2022-3124

Опубликовано: 03 окт. 2022

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server

Ссылки

https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:najeebmedia:frontend_file_manager:*:*:*:*:*:wordpress:*:*

Версия до 21.3 (исключая)

EPSS

Процентиль: 92%

0.07544

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

CVE-2022-3124

CVSS3: 5.3

ubuntu

больше 3 лет назад

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server

GHSA-wvhv-jqpm-79vj

CVSS3: 5.3

github

больше 3 лет назад

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server

EPSS

Процентиль: 92%

0.07544

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862