8.1
CVE-2022-3899
- EPSS 0.4%
- Published 16.01.2024 16:15:10
- Last modified 02.06.2025 16:15:23
- Source contact@wpscan.com
3DPrint < 3.5.6.9 - Arbitrary File and Directory Deletion via CSRF
3DPrint < 3.5.6.9 - Cross-Site Request Forgery to Arbitrary File Deletion
The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into submitting a form.
Possible mitigation
3DPrint: Update to version 3.5.6.9, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
3dprint Project ≫ 3dprint, SwPlatform: wordpress, Version < 3.5.6.9
Further vulnerability information
System: WordPress Plugin ≫ Product: 3DPrint, Version: *-3.5.4.8
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.32 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.1 | 2.8 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://wpscan.com/vulnerability/e3131e16-a0eb-4d26-b6d3-048fc1f1e9fa/
https://www.wordfence.com/threat-intel/vulnerabilities/id/f89e9c46-aca3-4b2f-b935-2976c510ed8b