
CVE-2022-0403

2022-04-04 16:15:09
CWE-434
Source: web.nvd.nist.gov

Tags: cve-2022-0403, wordpress plugin, library file manager, elfinder library, security issues, csrf, authorization, nvd

CVSS2: 5.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score: 8.7 High (Confidence: High)

EPSS: 0.973 High (Percentile: 99.9%)

The Library File Manager WordPress plugin before 5.2.3 uses an outdated version of the elFinder library, which is known to be affected by security issues (CVE-2021-32682), and performs neither authorisation nor CSRF checks in its connector AJAX action, allowing any authenticated user, such as a subscriber, to call it. Furthermore, because the options passed to the elFinder library do not restrict any file type, users with a role as low as subscriber can create, upload and delete arbitrary files and folders.

Affected configurations

Vulners:
  Node: wpjos library_file_manager, Range: <5.2.3

NVD:
  Vendor: wpjos
  Product: library_file_manager
  Version: *
  CPE: cpe:2.3:a:wpjos:library_file_manager:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Library File Manager",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "5.2.3",
        "status": "affected",
        "version": "5.2.3",
        "versionType": "custom"
      }
    ]
  }
]
