exploitDog

CVE-2023-3814

Опубликовано: 04 сент. 2023

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.

Ссылки

https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339
Third Party Advisory
https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339
Third Party Advisory
https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:advancedfilemanager:advanced_file_manager:*:*:*:*:*:wordpress:*:*

Версия до 5.1.1 (исключая)

EPSS

Процентиль: 37%

0.00157

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-26r5-gf8m-4xfr

CVSS3: 4.9

github

больше 2 лет назад

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.

EPSS

Процентиль: 37%

0.00157

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-863