CVE-2022-3125

Published: Oct 3, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE

Affected (1)

Products: Najeebmedia: Frontend File Manager

1 product

Frontend File Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Najeebmedia Frontend File Manager	Before 21.3

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.