Design/Logic Flaw

2022-09-2613:15:00

PRIOn knowledge base

www.prio-n.com

wordpress

cm download manager

arbitrary files

high privilege users

arbitrary code execution

logic flaw

0.001 Low

EPSS

Percentile

43.1%

JSON

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin’s setting, which could be used by admins of multisite blog to upload PHP files for example.

CPENameOperatorVersion
cm_download_managerlt2.8.6

CPE	Name	Operator	Version
	cm_download_manager	lt	2.8.6

References

wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd

0.001 Low

EPSS

Percentile

43.1%

JSON

Related for PRION:CVE-2022-3076