CVE-2022-3124

🗓️ 03 Oct 2022 13:45:25Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 62 Views🌐 WEB

The Frontend File Manager Plugin WordPress plugin before 21.3 allows unauthenticated user to rename and change content of arbitrary files on the web server

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2022-3124	3 Oct 202214:15	–	attackerkb
Circl	CVE-2022-3124	16 Sep 202506:39	–	circl
CNNVD	WordPress plugin Frontend File Manager 安全漏洞	3 Oct 202200:00	–	cnnvd
Cvelist	CVE-2022-3124 Frontend File Manager < 21.3 - Unauthenticated File Renaming	3 Oct 202213:45	–	cvelist
EUVD	EUVD-2022-42551	3 Oct 202213:45	–	euvd
Nuclei	Frontend File Manager < 21.3 - Unauthenticated File Renaming	5 Jun 202603:02	–	nuclei
NVD	CVE-2022-3124	3 Oct 202214:15	–	nvd
OSV	UBUNTU-CVE-2022-3124	3 Oct 202214:15	–	osv
Patchstack	WordPress Frontend File Manager plugin <= 21.2 - Unauthenticated File Renaming vulnerability	7 Sep 202200:00	–	patchstack
Prion	Design/Logic Flaw	3 Oct 202214:15	–	prion

NVD

Vulners

Node

najeebmedia frontend_file_managerRange<21.3wordpress

[
  {
    "product": "Frontend File Manager Plugin",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "21.3",
        "status": "affected",
        "version": "21.3",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608

Parameter	Position	Path	Description	CWE
fileid	request body	wp-json/wpfm/v1/file-rename	Unauthenticated user can rename uploaded files and manipulate destination filename to overwrite arbitrary files on the server (path traversal in filename).	CWE-862
filename	request body	wp-json/wpfm/v1/file-rename	Unauthenticated user can rename uploaded files and manipulate destination filename to overwrite arbitrary files on the server (path traversal in filename).	CWE-862