Lucene search

PRIOn knowledge basePRION:CVE-2023-2068

HistoryJun 27, 2023 - 2:15 p.m.

Design/Logic Flaw

2023-06-2714:15:00

PRIOn knowledge base

www.prio-n.com

file manager

wordpress plugin

file upload

logic flaw

rce

mime type

unauthenticated users

9.4 High

AI Score

Confidence

High

0.284 Low

EPSS

Percentile

96.9%

JSON

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.

CPENameOperatorVersion
file_manager_advanced_shortcodele2.3.2

CPE	Name	Operator	Version
	file_manager_advanced_shortcode	le	2.3.2

References

packetstormsecurity.com/files/173735/WordPress-File-Manager-Advanced-Shortcode-2.3.2-Remote-Code-Execution.html

wpscan.com/vulnerability/58f72953-56d2-4d86-a49b-311b5fc58056