CVE-2022-3124

nvd nist nuclei

Published: Oct 3, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server

Affected (1)

Products: Najeebmedia: Frontend File Manager

1 product

Frontend File Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Najeebmedia Frontend File Manager	Before 21.3

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.