3139 matches found
CVE-2023-5907
CVE-2023-5907 affects the WordPress plugin File Manager, prior to version 6.3. The root directory for the file manager is not restricted, allowing an administrator to set a root outside the WordPress root (including in multisite setups), which can grant access to system files and directories. The...
CVE-2023-5907 File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal
The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...
PT-2023-32413 · WordPress · File Manager
Name of the Vulnerable Software and Affected Versions: File Manager WordPress plugin versions prior to 6.3 Description: The issue allows an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site...
WordPress Plugin File Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-46157
File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755...
Command injection
File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755...
CVE-2023-46157
CVE-2023-46157 affects MGT CloudPanel 2.0.0–2.3.2. The root cause is a vulnerability in File-Manager allowing OS command injection by a lowest-privilege user through altering file ownership and setting file permissions to 4755. The provided documents consistently describe this as the impact (comm...
CVE-2023-5105
The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php...
CVE-2023-5105 Frontend File Manager < 22.6 - Editor+ Arbitrary File Download
The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php...
CVE-2023-5105
CVE-2023-5105 affects the WordPress Frontend File Manager Plugin (wpfm-files) prior to version 22.6. An Editor+ user can bypass the download logic to arbitrarily download sensitive files (e.g., wp-config.php) by manipulating wpfm_dir_path/wpfm_file_url, as shown in published PoC steps. The vu...
PT-2023-30728 · Unknown · Sunlight Cms
Name of the Vulnerable Software and Affected Versions: Sunlight CMS version 8.0.1 Description: A Cross-Site Scripting (XSS) issue allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component. Recommendations: For Sunlight CMS version 8.0.1,...
WordPress plugin Frontend File Manager Plugin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
The vulnerability of the Adobe Bridge file manager relates to the use of an uninitialized pointer, which allows an attacker to bypass the ASLR protection mechanism.
The vulnerability of the Adobe Bridge file manager is related to the use of an uninitialized pointer. Exploiting this vulnerability could allow an attacker to bypass the ASLR protection mechanism...
The vulnerability of the Adobe Bridge file manager relates to the use of memory after it is freed, allowing an attacker to bypass the ASLR protection mechanism.
The vulnerability of the Adobe Bridge file manager is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to bypass the ASLR protection mechanism...
CVE-2023-6302
A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...