Lucene search

[email protected]NVD:CVE-2023-6846

HistoryFeb 05, 2024 - 10:15 p.m.

CVE-2023-6846

2024-02-0522:15:56

CWE-434

[email protected]

web.nvd.nist.gov

cve-2023-6846

wordpress

arbitrary file upload

file manager pro

security vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

22.9%

JSON

The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function.

Affected configurations

Nvd

Node

filemanagerprofile_manager_proRange≤8.3.4wordpress

VendorProductVersionCPE
filemanagerprofile_manager_pro*cpe:2.3:a:filemanagerpro:file_manager_pro:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
filemanagerpro	file_manager_pro	*	cpe:2.3:a:filemanagerpro:file_manager_pro::::::wordpress::*

References

gist.github.com/Kun19/046b2b305cac5f2edd38037984c2e8e3

www.wordfence.com/threat-intel/vulnerabilities/id/1e8e0257-a745-495f-a103-c032b95209fc?source=cve

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

22.9%

JSON

Related for NVD:CVE-2023-6846

wpvulndb1 cve1 wordfence2 cvelist1 prion1