WordPress Advanced File Manager Plugin < 5.1.1 is vulnerable to Sensitive Data Exposure

Software Advanced File Manager Type Plugin Vulnerable versions 5.1.1 Fixed in 5.1.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-3814 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID c11d3f659c9c Credits Dmitrii Required...

Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access

Description The plugin does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server. PoC On a multisite installation, log in as a site admin. Notice that you are able to manage files on the server using th...

Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access

Description The plugin does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server. On a multisite installation, log in as a site admin. Notice that you are able to manage files on the server using this...

The vulnerability of the File Manager component in the server and cloud service management panel, CloudPanel, allows a hacker to gain unauthorized access to protected information and increase their privileges.

The vulnerability of the File Manager component in the server and cloud service management panel, CloudPanel, is related to deficiencies in access control when processing clp-fm cookie files without verifying their authenticity and integrity. Exploiting this vulnerability can allow an attacker to...

Metasploit Weekly Wrap up

Unauthenticated RCE in VMware Product This week, community contributor h00die added an exploit module that leverages a command injection vulnerability in VMWare Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10 are vulnerable CVE-2023-20887. A remote...

Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The Wordpress plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but is also works in an...

WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode', 'Description' = %q The Wordpress plug...

WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution Exploit

WordPress File Manager Advanced Shortcode plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to remote code execution in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

WordPress WPIDE – File Manager & Code Editor Plugin <= 3.4.6 is vulnerable to Cross Site Scripting (XSS)

Software WPIDE – File Manager & Code Editor Type Plugin Vulnerable versions = 3.4.6 Fixed in 3.4.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2983e75b4eab Credits Rafie Muhamma...

CVE-2022-4023

The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...

CVE-2022-4023

The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...

Cross site request forgery (csrf)

The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...

CVE-2022-4023 3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad

The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...

Syncfusion ej2-filemanager-node-filesystem 路径遍历漏洞

Syncfusion ej2-filemanager-node-filesystem is an application from Syncfusion, Inc. Syncfusion ej2-filemanager-node-filesystem has a security vulnerability that stems from filesystem-server.js being vulnerable to a directory traversal attack, which can be exploited by an attacker to list any file ...

CVE-2023-2068

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

CVE-2023-2068

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

Design/Logic Flaw

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

CVE-2023-2068

The CVE-2023-2068 issue affects the WordPress File Manager Advanced Shortcode plugin (versions