7.2
CVE-2022-3076
- EPSS 0.81%
- Veröffentlicht 26.09.2022 13:15:11
- Zuletzt bearbeitet 22.05.2025 16:15:53
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginCM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload
The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.
Mögliche Gegenmaßnahme
CM Download Manager – Organize, Protect & Share Files in WordPress: Update to version 2.8.6, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
CM Download Manager – Organize, Protect & Share Files in WordPress
Version
*-2.8.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cminds ≫ Cm Download Manager SwPlatformwordpress Version < 2.8.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.81% | 0.735 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.