Lucene search

151 matches found

wpexploit
added 2023/09/19 12:0 a.m. · 194 views

File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not adequately validate and escape some inputs, leading to XSS by high-privilege users. As an admin, open the File Manager and run the following JS code: fetch"http://localhost:10008/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencode...

CVSS 4.8 · AI score 5 · EPSS 0.00402
Exploits: 2
WPVulnDB
added 2023/09/19 12:0 a.m. · 23 views

File Manager Pro < 1.8.1 - Admin+ Remote Code Execution

Description The plugin allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution. PoC As an admin, use the File Manager UI to upload a file...

CVSS 7.2 · AI score 7.5 · EPSS 0.01331
Exploits: 2 · Affected Software: 1
Positive Technologies
added 2023/09/18 12:0 a.m. · 6 views

PT-2023-30751 · WordPress · File Manager Pro

Name of the Vulnerable Software and Affected Versions: File Manager Pro WordPress plugin versions prior to 1.8 Description: The issue arises from the improper checking of the CSRF nonce in the fs connector AJAX action. This allows attackers to perform highly privileged file system actions via CSR...

CVSS 8.8 · AI score 8.6 · EPSS 0.06838
Exploits: 2 · References: 6
Patchstack
added 2023/09/13 12:0 a.m. · 22 views

WordPress File Manager Pro Plugin < 1.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software File Manager Pro Type Plugin Vulnerable versions 1.8 Fixed in 1.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4827 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID f857273165df Credits Dmitrii Ignatyev Required...

CVSS 8.8 · AI score 7 · EPSS 0.06838
Exploits: 2 · References: 4 · Affected Software: 1
WPVulnDB
added 2023/09/11 12:0 a.m. · 25 views

File Manager Pro < 1.8 - Remote Code Execution via CSRF

Description The plugin does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. PoC As a Super Admin, run the following...

CVSS 8.8 · AI score 8.5 · EPSS 0.06838
Exploits: 2 · References: 1 · Affected Software: 1
Packet Storm
added 2023/06/19 12:0 a.m. · 278 views

WordPress File Manager Pro 8.3.1 Backup Disclosure

Title: WordPress - file manager pro 8.3.1 Backup Disclosure Vulnerability · Author: indoushka · Tested on: windows 10 Français V.Pro / browser: Mozilla...

AI score 7.1
Exploits: 0
hackapp
added 2016/04/01 8:51 a.m. · 12 views

File Manager Pro - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application File Manager Pro published at the 'play' market has multiple vulnerabilities...

AI score 0.7
Exploits: 0 · References: 1 · Affected Software: 1
Vulnerability Lab
added 2016/02/03 12:0 a.m. · 43 views

File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities

Document Title: File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities · References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1704 · Release Date: 2016-02-03 · Vulnerability Laboratory ID (VL-ID): ...

AI score 7.1
Exploits: 0
Vulnerability Lab
added 2016/02/03 12:0 a.m. · 37 views

File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities

Document Title: File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities · References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1704 · Release Date: 2016-02-03 · Vulnerability Laboratory ID (VL-ID): ...

AI score 0.7
Exploits: 0
Prion
added 2014/01/12 6:34 p.m. · 13 views

Directory traversal

Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earlier, and Security File Manager Trial application 1.0.6 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors...

CVSS 5.8 · AI score 7.1 · EPSS 0.01249
Exploits: 0 · References: 4 · Affected Software: 1
CVE
added 2014/01/12 3:0 p.m. · 42 views

CVE-2014-0804

CVE-2014-0804 affects CGENE Security File Manager Pro/Trial for Android (versions ≤ 1.0.6). Root cause: directory traversal (CWE-22) in processing file names, enabling a remote, unauthenticated attacker to create or overwrite arbitrary files in directories the app can access. Impact: arbitrary fi...

CVSS 5.8 · AI score 6.8 · EPSS 0.01249
Exploits: 0 · References: 4 · Affected Software: 1