9.8
CVE-2016-15042
- EPSS 73.85%
- Veröffentlicht 16.10.2024 08:15:02
- Zuletzt bearbeitet 30.10.2024 21:12:53
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginFrontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Mögliche Gegenmaßnahme
Frontend File Manager Plugin: Update to version 4.0, or a newer patched version
N-Media Post Front-end Form: Update to version 1.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Frontend File Manager Plugin
Version
[*, 4.0)
SystemWordPress Plugin
≫
Produkt
N-Media Post Front-end Form
Version
*-1.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Najeebmedia ≫ Frontend File Manager SwPlatformwordpress Version < 4.0
Najeebmedia ≫ Post Front-end Form SwPlatformwordpress Version < 1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 73.85% | 0.988 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.