CVE-2022-3124

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-3124

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

T

he Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server

References
Link Resource
https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608 Exploit Third Party Advisory
https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:najeebmedia:frontend_file_manager:*:*:*:*:*:wordpress:*:*
History

21 Nov 2024, 07:18

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608 - Exploit, Third Party Advisory
Information

Published : 2022-10-03 14:15

Updated : 2024-11-21 07:18

NVD link : CVE-2022-3124

Mitre link : CVE-2022-3124

CVE.ORG link : CVE-2022-3124

JSON object : View

Products Affected

najeebmedia

CWE
CWE-862

Missing Authorization