CVE-2023-4827 File Manager Pro < 1.8 - Remote Code Execution via CSRF

The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell...

CVE-2023-4827 File Manager Pro < 1.8 - Remote Code Execution via CSRF

The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell...

CVE-2023-4827

CVE-2023-4827 concerns the WordPress plugin File Manager Pro (pre-1.8). The issue is an improper CSRF nonce check in the fs_connector AJAX action, allowing an attacker to trigger highly privileged file-system actions via CSRF using GET requests. Potential impact includes uploading a web shell and...

WordPress plugin File Manager Pro Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. A cross-site request forgery...

WordPress plugin File Manager Pro cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress plugin File Manager Pro Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

PHPFusion <= 9.10.30 Multiple Vulnerabilities

PHPFusion is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php-fusion:php-fusion";...

CVE-2023-44008

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function...

CVE-2023-44008

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function...

CVE-2023-44008

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function...

Unrestricted file upload

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function...

PT-2023-29063 · Unknown · Mojoportal

Name of the Vulnerable Software and Affected Versions: mojoPortal version 2.7.0.0 Description: The issue allows a remote attacker to execute arbitrary code via the File Manager function. This is a result of a File Upload vulnerability. Recommendations: For mojoPortal version 2.7.0.0, consider...

CMS Made Simple <= 2.2.21 Multiple Vulnerabilities

CMS Made Simple is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cmsmadesimple:cmsmadesimple...

File Manager Pro < 1.8.1 - Admin+ Remote Code Execution

Description The plugin allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution. As an admin, use the File Manager UI to upload a file shell.php...

File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not adequately validate and escape some inputs, leading to XSS by high-privilege users. As an admin, open the File Manager and run the following JS code: fetch"http://localhost:10008/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencode...

File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not adequately validate and escape some inputs, leading to XSS by high-privilege users. PoC As an admin, open the File Manager and run the following JS code: fetch"http://localhost:10008/wp-admin/admin-ajax.php", "headers": "content-type":...

File Manager Pro < 1.8.1 - Admin+ Remote Code Execution

Description The plugin allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution. PoC As an admin, use the File Manager UI to upload a file...

PT-2023-30751 · WordPress · File Manager Pro

Name of the Vulnerable Software and Affected Versions: File Manager Pro WordPress plugin versions prior to 1.8 Description: The issue arises from the improper checking of the CSRF nonce in the fs connector AJAX action. This allows attackers to perform highly privileged file system actions via CSR...

CVE-2023-40983

A reflected cross-site scripting XSS vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file...

CVE-2023-40983

A reflected cross-site scripting XSS vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file...