exploitDog

CVE-2022-3125

Published: 03 Oct 2022
Source: nvd
CVSS3: 8.8
EPSS: Low

Description

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE

Vulnerable configurations

Configuration 1
cpe:2.3:a:najeebmedia:frontend_file_manager:*:*:*:*:*:wordpress:*:*
Versions before 21.3 (excluding)

EPSS

Percentile: 80%
0.01446
Low

8.8 High

CVSS3

Weaknesses

CWE-434

Related vulnerabilities

CVSS3: 8.8
ubuntu
more than 3 years ago

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE

CVSS3: 8.8
github
more than 3 years ago

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE
