4.9
CVE-2023-3814
- EPSS 0.51%
- Veröffentlicht 04.09.2023 12:15:09
- Zuletzt bearbeitet 06.03.2025 16:15:42
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAdvanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access
Advanced File Manager <= 5.1 - Authenticated (Administrator+) Arbitrary File and Folder Access
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.
Mögliche Gegenmaßnahme
Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution: Update to version 5.1.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Advancedfilemanager ≫ Advanced File Manager SwPlatformwordpress Version < 5.1.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution
Version
*-5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.391 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339
https://www.wordfence.com/threat-intel/vulnerabilities/id/ceba35c3-16b0-4366-b33c-603bdc2c1006