Vulners
Lucene search
CVE-2022-2356
šļøĀ 08 Aug 2022Ā 13:46:51Reported byĀ WPScanTypeĀ 
Ā cvešĀ web.nvd.nist.govš°ļøĀ 2Ā Media mentionsšĀ 53Ā Viewsš WEB
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | CVE-2022-2356 | 8 Aug 202214:15 | ā | attackerkb |
 | CVE-2022-2356 | 8 Aug 202218:23 | ā | circl |
 | WordPress Plugin Frontend File Manager & Sharing 代ē é®é¢ę¼ę“ | 8 Aug 202200:00 | ā | cnnvd |
 | CVE-2022-2356 User Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload | 8 Aug 202213:46 | ā | cvelist |
 | EUVD-2022-34624 | 3 Oct 202520:07 | ā | euvd |
 | CVE-2022-2356 | 8 Aug 202214:15 | ā | nvd |
 | WordPress User Private Files plugin <= 1.1.2 - Authenticated Arbitrary File Upload vulnerability | 12 Jul 202200:00 | ā | patchstack |
 | Code injection | 8 Aug 202214:15 | ā | prion |
 | PT-2022-16075 Ā· WordPress Ā· Frontend File Manager & Sharing | 8 Aug 202200:00 | ā | ptsecurity |
 | CVE-2022-2356 | 22 May 202523:00 | ā | redhatcve |
10
Node
[
{
"product": "Frontend File Manager & Sharing ā User Private Files",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "1.1.3",
"versionType": "custom"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| docfile | upload data | wp-admin/admin-ajax.php | The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. | CWE-434 |
| docext | upload data | wp-admin/admin-ajax.php | The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. | CWE-434 |
| doc_type | upload data | wp-admin/admin-ajax.php | The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. | CWE-434 |
| action | upload data | wp-admin/admin-ajax.php | The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. | CWE-434 |
| upf_nonce | upload data | wp-admin/admin-ajax.php | The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. | CWE-434 |
Data
Build on a solid foundation withĀ Vulners data
WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data
Api
Power your application withĀ Vulners API
The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access
App
Assess and manage vulnerabilities withĀ VulnersĀ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Nov 2024 07:00Current
8.8High risk
Vulners AI Score8.8
CVSS 3.18.8
EPSS0.00894