Lucene search
WPScanCVELIST:CVE-2022-3076HistorySep 26, 2022 - 12:35 p.m.
CVE-2022-3076 CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload
2022-09-2612:35:42
CWE-434
WPScan
www.cve.org
cve-2022-3076
cm download manager
wordpress plugin
admin
arbitrary file upload
setting
multisite blog
php files
0.001 Low
EPSS
Percentile
43.1%
The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin’s setting, which could be used by admins of multisite blog to upload PHP files for example.
CNA Affected
[
{
"product": "CM Download Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.8.6",
"status": "affected",
"version": "2.8.6",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-3076
2022-09-26 13:15:11
nvd
nvd
CVE-2022-3076
2022-09-26 13:15:11
wpexploit
wpexploit
CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload
2022-09-05 00:00:00
wpvulndb
wpvulndb
CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload
2022-09-05 00:00:00
cnvd
cnvd
WordPress CM Download Manager arbitrary file upload vulnerability
2022-09-28 00:00:00
prion
prion
Design/Logic Flaw
2022-09-26 13:15:00