Lucene search
HistoryOct 03, 2022 - 2:15 p.m.
CVE-2022-3125
wordpress
file manager
arbitrary extension
rce
cve-2022-3125
plugin vulnerability
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.9%
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE
Affected configurations
Node
najeebmediafrontend_file_managerRange<21.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| najeebmedia | frontend_file_manager | * | cpe:2.3:a:najeebmedia:frontend_file_manager:*:*:*:*:*:wordpress:*:* |
Related
wpexploit
wpexploit
Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload
2022-09-07 00:00:00
cnvd
cnvd
WordPress Frontend File Manager Arbitrary File Upload Vulnerability
2022-10-11 00:00:00
ubuntucve
ubuntucve
CVE-2022-3125
2022-10-03 00:00:00
patchstack
patchstack
wpvulndb
wpvulndb
Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload
2022-09-07 00:00:00
prion
prion
Design/Logic Flaw
2022-10-03 14:15:00
cvelist
cvelist
cve
cve
CVE-2022-3125
2022-10-03 14:15:20
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.9%
Related for NVD:CVE-2022-3125