5 matches found
WordPress Bit File Manager Plugin < 6.3 is vulnerable to Path Traversal
Software Bit File Manager Type Plugin Vulnerable versions 6.3 Fixed in 6.3 OWASP Top 10 A5: Security Misconfiguration Classification Path Traversal CVE CVE-2023-5907 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID f6d18601e62a Credits Dmitrii Ignatyev Required privilege...
CVE-2023-5907
The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...
CVE-2023-5907 File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal
The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...
CVE-2023-5907 File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal
The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...
CVE-2023-5907
CVE-2023-5907 affects the WordPress plugin File Manager, prior to version 6.3. The root directory for the file manager is not restricted, allowing an administrator to set a root outside the WordPress root (including in multisite setups), which can grant access to system files and directories. The...