CVE-2023-2068

Published: Jun 27, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.

Affected (1)

Products: Advancedfilemanager: File Manager Advanced Shortcode

Advancedfilemanager

1 product

File Manager Advanced Shortcode

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Advancedfilemanager File Manager Advanced Shortcode	Up to 2.3.2

References (4)

http://packetstormsecurity.com/files/173735/WordPress-File-Manager-Advanced-Shortcode-2.3.2-Remote-Code-Execution.html

Source: contact@wpscan.com

ExploitThird Party AdvisoryVDB Entry

https://wpscan.com/vulnerability/58f72953-56d2-4d86-a49b-311b5fc58056

Source: contact@wpscan.com

ExploitThird Party Advisory

http://packetstormsecurity.com/files/173735/WordPress-File-Manager-Advanced-Shortcode-2.3.2-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://wpscan.com/vulnerability/58f72953-56d2-4d86-a49b-311b5fc58056

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.