Lucene search

CVE-2018-19043

🗓️ 31 Jan 2019 19:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 38 Views🌐 WEB

The Media File Manager plugin for WordPress allows arbitrary file renaming

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
NVD	CVE-2018-19043	31 Jan 201919:29	–	nvd
Cvelist	CVE-2018-19043	31 Jan 201919:00	–	cvelist
Prion	Directory traversal	31 Jan 201919:29	–	prion
WPVulnDB	Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities	5 Nov 201800:00	–	wpvulndb
wpexploit	Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities	5 Nov 201800:00	–	wpexploit
OpenVAS	WordPress Media File Manager Plugin < 1.4.4 Multiple Vulnerabilities	6 Mar 201900:00	–	openvas

Nvd

Node

media_file_manager_project media_file_managerMatch1.4.2wordpress

Source	Link
exploit-db	www.exploit-db.com/exploits/45809/

Parameter	Position	Path	Description	CWE
dir	request body	/wordpress/wp-admin/admin-ajax.php	Directory traversal vulnerability allows unauthenticated users to access arbitrary files on the server.	CWE-22
dir	request body	/wordpress/wp-admin/admin-ajax.php	Reflected XSS vulnerability allowing execution of arbitrary JavaScript in the context of the user.	CWE-79
dir_from	request body	/wordpress/wp-admin/admin-ajax.php	Vulnerability allowing unauthorized file movements within the server's directory structure.	CWE-22
dir_to	request body	/wordpress/wp-admin/admin-ajax.php	Vulnerability allowing unauthorized file movements within the server's directory structure.	CWE-22
items	request body	/wordpress/wp-admin/admin-ajax.php	Vulnerability allowing unauthorized file movements within the server's directory structure.	CWE-22
dir	request body	/wordpress/wp-admin/admin-ajax.php	Vulnerability allowing unauthorized file renaming operations, which can lead to data exposure.	CWE-22
from	request body	/wordpress/wp-admin/admin-ajax.php	Vulnerability allowing unauthorized file renaming operations, which can lead to data exposure.	CWE-22
to	request body	/wordpress/wp-admin/admin-ajax.php	Vulnerability allowing unauthorized file renaming operations, which can lead to data exposure.	CWE-22

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 Jan 2019 19:29Current

5.6Medium risk

Vulners AI Score5.6

CVSS25

CVSS35.3

EPSS0.04965

CWE-22