CVELIST:CVE-2023-4827 (WPScan)

CVE-2023-4827 File Manager Pro < 1.8 - Remote Code Execution via CSRF

Published: 2023-10-16 08:32:43
Source: WPScan
Reference: www.cve.org
Tags: cve-2023-4827, file manager pro wordpress plugin, csrf nonce, ajax action, highly privileged users, file system actions, get requests, web shell

AI Score: 8.7 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 37.6%)

The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fs_connector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell.
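The weakness described above is a state-changing admin-ajax action that can be triggered without a valid nonce. The following is an added example, not code from the File Manager Pro plugin or from WPScan, showing how a WordPress AJAX handler of this kind is normally protected: a nonce check bound to the action, a capability check, and a refusal to perform file-system work over GET. The action name `example_fs_connector`, the handler names and the `nonce`/`cmd` parameters are hypothetical; `check_ajax_referer`, `current_user_can`, `wp_create_nonce`, `wp_localize_script` and `wp_send_json_*` are standard WordPress functions.

```php
<?php
// Hypothetical hardened admin-ajax handler (illustrative, not the plugin's code).
// The nonce action string is specific to this handler so a nonce minted for
// some other form or action cannot be reused here.
add_action( 'wp_ajax_example_fs_connector', 'example_fs_connector_handler' );

function example_fs_connector_handler() {
    // 1. CSRF protection: check_ajax_referer() verifies the 'nonce' request
    //    parameter against the 'example_fs_connector' action for the current
    //    user and dies with HTTP 403 if it is missing or invalid. A forged
    //    cross-site request cannot supply this value, so it never reaches the
    //    file-system code below.
    check_ajax_referer( 'example_fs_connector', 'nonce' );

    // 2. Authorization: a valid nonce proves intent, not privilege. Require an
    //    explicit capability rather than relying on "is logged in".
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    // 3. Method restriction: file-system mutations are state-changing, so do
    //    not honour them over GET (GET is trivially triggered by an <img> or a
    //    link in a CSRF scenario).
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        wp_send_json_error( array( 'message' => 'POST required' ), 405 );
    }

    // 4. Only then dispatch the requested command, restricted to a known set.
    $allowed = array( 'list', 'mkdir', 'upload', 'delete' );
    $cmd     = isset( $_POST['cmd'] ) ? sanitize_key( wp_unslash( $_POST['cmd'] ) ) : '';
    if ( ! in_array( $cmd, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'unknown command' ), 400 );
    }

    // Real file-system work would happen here (hypothetical dispatch).
    wp_send_json_success( array( 'cmd' => $cmd ) );
}

// Client side: mint the nonce server-side and hand it to the admin script that
// issues the AJAX request, so every call carries ?nonce=... bound to this action.
// Assumes a script with handle 'example-fs' has already been enqueued.
add_action( 'admin_enqueue_scripts', 'example_fs_connector_localize' );

function example_fs_connector_localize() {
    wp_localize_script(
        'example-fs',
        'exampleFs',
        array(
            'ajaxUrl' => admin_url( 'admin-ajax.php' ),
            'nonce'   => wp_create_nonce( 'example_fs_connector' ),
        )
    );
}
```

The order of the checks matters: the nonce check runs before any request data is interpreted, and the capability check runs before any file-system call, so a request that fails either never touches the file system. When reviewing a plugin for this class of issue, look for `wp_ajax_*` hooks whose callback performs a privileged action without a `check_ajax_referer()` or `wp_verify_nonce()` call on its path.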

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "File Manager Pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.8"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
