Description
The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the site's files.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 6.3 (exclusive)
cpe:2.3:a:bitapps:file_manager:*:*:*:*:*:wordpress:*:*
EPSS: 0.0036 (Low), percentile: 58%
CVSS3: 6.5 Medium
Weaknesses
CWE-552
Related vulnerabilities
CVSS3: 6.5
github
about 2 years ago
The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the site's files.