CVE-2023-3814

EPSS 0.16%
Veröffentlicht 04.09.2023 12:15:09
Zuletzt bearbeitet 06.03.2025 16:15:42
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Advanced File Manager <= 5.1 - Authenticated (Administrator+) Arbitrary File and Folder Access

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.

Mögliche Gegenmaßnahme

Advanced File Manager – Ultimate WP File Manager And Document Library Solution: Update to version 5.1.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Advanced File Manager – Ultimate WP File Manager And Document Library Solution

Version * - 5.1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Advancedfilemanager ≫ Advanced File Manager SwPlatformwordpress Version < 5.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.371

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/ceba35c3-16b0-4366-b33c-603bdc2c1006

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3814

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3814

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3814

EUVD