PRIOn knowledge base: PRION:CVE-2023-2068
History: Jun 27, 2023 - 2:15 p.m.

Design/Logic Flaw

2023-06-27 14:15:00
PRIOn knowledge base
www.prio-n.com
file manager
wordpress plugin
file upload
logic flaw
rce
mime type
unauthenticated users

AI Score: 9.4 High (Confidence: High)

EPSS: 0.284 Low (Percentile: 96.9%)

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.

CPE Name                          Operator  Version
file_manager_advanced_shortcode   le        2.3.2