Lucene search
WPScanCVELIST:CVE-2023-2068HistoryJun 27, 2023 - 1:17 p.m.
CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
2023-06-2713:17:19
WPScan
www.cve.org
cve-2023-2068
file manager advanced shortcode
unauthenticated
remote code execution
wordpress
plugin
mime types
rce
The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.
CNA Affected
[
{
"vendor": "Unknown",
"product": "file-manager-advanced-shortcode",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "2.3.2"
}
],
"defaultStatus": "affected"
}
]Related
zdt
zdt
wpexploit
wpexploit
cve
cve
CVE-2023-2068
2023-06-27 14:15:10
wpvulndb
wpvulndb
metasploit
metasploit
prion
prion
Design/Logic Flaw
2023-06-27 14:15:00
nvd
nvd
CVE-2023-2068
2023-06-27 14:15:10
packetstorm
packetstorm
File Manager Advanced Shortcode 2.3.2 Remote Code Execution
2023-06-05 00:00:00
WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution
2023-07-25 00:00:00
exploitdb
exploitdb
rapid7blog
rapid7blog
Metasploit Weekly Wrap up
2023-07-28 17:25:08
wordfence
wordfence