3139 matches found
Out-of-bounds
A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotel...
CVE-2023-5790 SourceCodester File Manager App add-file.php unrestricted upload
A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotel...
CVE-2023-5790
CVE-2023-5790 affects SourceCodester File Manager App 1.0. A vulnerability in the file endpoint add-file.php allows unrestricted upload by manipulating the uploadedFileName parameter. The issue is exploitable remotely and is confirmed across multiple sources; public disclosure is noted. The root ca...
SourceCodester File Manager Code Issue Vulnerability
SourceCodester File Manager is a file manager. A security vulnerability exists in SourceCodester File Manager version 1.0, which originates from a file upload vulnerability in the parameter uploadedFileName of the file endpoint/add-file.php...
WordPress File Manager Pro Plugin < 1.8.1 is vulnerable to Cross Site Scripting (XSS)
Software: File Manager Pro; Type: Plugin; Vulnerable versions: 1.8.1; Fixed in: 1.8.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4862; Patch priority: Low; CVSS severity: Low 5.9; PSID: 25299b88b128; Credits: Alex Sanford; Required...
WordPress File Manager Pro Plugin < 1.8.1 is vulnerable to Remote Code Execution (RCE)
Software: File Manager Pro; Type: Plugin; Vulnerable versions: 1.8.1; Fixed in: 1.8.1; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-4861; Patch priority: Low; CVSS severity: Low 8.2; PSID: cd77a490f9de; Credits: Alex Sanford; Required privilege...
CVE-2023-4861
The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution...
CVE-2023-4862
The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users...
Remote code execution
The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution...
CVE-2023-4861 File Manager Pro < 1.8.1 - Admin+ Remote Code Execution
The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution...
CVE-2023-4861
The CVE-2023-4861 entry affects the WordPress plugin File Manager Pro (vulnerable:
CVE-2023-4862 File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting
The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users...
CVE-2023-4862
The CVE-2023-4862 affects the File Manager Pro WordPress plugin (pre-1.8.1). The underlying issue is inadequate validation/escaping of inputs, enabling admin+ (high-privilege) users to trigger a stored XSS, potentially via crafted inputs in the plugin’s admin functionality. The vulnerability is m...
CVE-2023-4827
The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell...
Cross-site request forgery (CSRF)
The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell...
CVE-2023-4827 File Manager Pro < 1.8 - Remote Code Execution via CSRF
The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell...