8.8
CVE-2023-6846
- EPSS 13.31%
- Veröffentlicht 05.02.2024 22:15:56
- Zuletzt bearbeitet 21.11.2024 08:44:40
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginFile Manager Pro <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Upload
The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function.
Mögliche Gegenmaßnahme
File Manager Pro: Update to version 8.3.5, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
File Manager Pro
Version
*-8.3.4
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Filemanagerpro ≫ File Manager SwPlatformwordpress Version <= 8.3.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 13.31% | 0.939 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.