History: May 15, 2024 - 6:15 a.m.

CVE-2024-3748

2024-05-15 06:15:13
WPScan
web.nvd.nist.gov
sp project
document manager
wordpress
user id manipulation
validation
upload function
nvd

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score: 6.6
Confidence: High

EPSS: 0
Percentile: 9.0%

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the user_id to make it appear that a file was uploaded by another user.

Affected configurations

Node: sp_project_\&_document_manager, Range 4.71, wordpress

Vendor: *
Product: sp_project_\&_document_manager
Version: *
CPE: cpe:2.3:a:*:sp_project_\&_document_manager:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "SP Project & Document Manager",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "4.71"
      }
    ],
    "defaultStatus": "affected"
  }
]
