CVE-2022-3125

🗓️ 03 Oct 2022 13:45:26Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 66 Views🌐 WEB

The Frontend File Manager Plugin WordPress plugin before 21.3 allows arbitrary file uploa

Reporter	Title	Published	Views	Family All 16
ATTACKERKB	CVE-2022-3125	3 Oct 202214:15	–	attackerkb
CNNVD	WordPress plugin Frontend File Manager 代码问题漏洞	3 Oct 202200:00	–	cnnvd
CNVD	WordPress Frontend File Manager Arbitrary File Upload Vulnerability	11 Oct 202200:00	–	cnvd
Cvelist	CVE-2022-3125 Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload	3 Oct 202213:45	–	cvelist
EUVD	EUVD-2022-42552	3 Oct 202520:07	–	euvd
NVD	CVE-2022-3125	3 Oct 202214:15	–	nvd
OSV	UBUNTU-CVE-2022-3125	3 Oct 202214:15	–	osv
Patchstack	WordPress Frontend File Manager plugin <= 21.2 - Authenticated Arbitrary File Upload vulnerability	7 Sep 202200:00	–	patchstack
Prion	Design/Logic Flaw	3 Oct 202214:15	–	prion
Positive Technologies	PT-2022-20638 · WordPress · Frontend File Manager Plugin	3 Oct 202200:00	–	ptsecurity

NVD

Vulners

Node

najeebmedia frontend_file_managerRange<21.3wordpress

[
  {
    "product": "Frontend File Manager Plugin",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "21.3",
        "status": "affected",
        "version": "21.3",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e

Parameter	Position	Path	Description	CWE
exploit.pdf	path	wp-content/uploads/user_uploads/<username>/exploit.php	Authenticated users can rename an uploaded file to a PHP extension, enabling arbitrary file execution (RCE) on the server.	CWE-434
exploit.php	path	wp-content/uploads/user_uploads/<username>/exploit.php	Authenticated users can rename an uploaded file to a PHP extension, enabling arbitrary file execution (RCE) on the server.	CWE-434

21 Nov 2024 07:18Current

8.6High risk

Vulners AI Score8.6

CVSS 3.18.8

EPSS0.01508

CWE-434