Code injection

2023-09-0412:15:00

PRIOn knowledge base

www.prio-n.com

code injection

advanced file manager

unauthorized access

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.

CPENameOperatorVersion
advanced_file_managerlt5.1.1

CPE	Name	Operator	Version
	advanced_file_manager	lt	5.1.1

References

wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339