
3137 matches found

CNNVD
added 2024/09/17 12:0 a.m., 5 views

Contao code issue vulnerability

Contao is an open source Content Management System (CMS) developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A code issue vulnerability exists in Contao 4.0.0 and prior versions, which originates from a backend user with file manager...

CVSS 8.8 · AI score 8.7 · EPSS 0.00532
Exploits 0 · References 4
OSV
added 2024/09/10 11:15 a.m., 4 views

CVE-2024-7770

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated...

CVSS 8.8 · AI score 6.5 · EPSS 0.01067
Exploits 0 · References 6
NVD
added 2024/09/10 11:15 a.m., 40 views

CVE-2024-7770

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated...

CVSS 8.8 · EPSS 0.01067
Exploits 0 · References 6
Vulnrichment
added 2024/09/10 10:59 a.m., 29 views

CVE-2024-7770 Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated...

CVSS 8.8 · AI score 8 · EPSS 0.01067
Exploits 0 · References 6
Cvelist
added 2024/09/10 10:59 a.m., 36 views

CVE-2024-7770 Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated...

CVSS 8.8 · EPSS 0.01067
Exploits 0 · References 6
CVE
added 2024/09/10 10:59 a.m., 52 views

CVE-2024-7770

CVE-2024-7770 affects Bit File Manager for WordPress (

CVSS 8.8 · AI score 9 · EPSS 0.01067
Exploits 0 · References 6 · Affected Software 1
Patchstack
added 2024/09/10 1:23 a.m., 4 views

WordPress Bit File Manager plugin <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei (siunam) in WordPress Plugin Bit File Manager versions <= 6.5.5...

CVSS 8.8 · AI score 7 · EPSS 0.01067
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/09/10 12:0 a.m., 13 views

WordPress Bit File Manager Plugin <= 6.5.5 is vulnerable to Arbitrary File Upload

Software: Bit File Manager. Type: Plugin. Vulnerable versions: <= 6.5.5. Fixed in: 6.5.6. OWASP Top 10: A1: Injection. Classification: Arbitrary File Upload. CVE: CVE-2024-7770. Patch priority: High. CVSS severity: High 9.9. Developer: Claim ownership. PSID: 4d22ee982f55. Credits: TANG Cheuk Hei (siunam). Required privileg...

CVSS 8.8 · AI score 6.8 · EPSS 0.01067
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/09/10 12:0 a.m., 10 views

WordPress plugin Bit File Manager code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 8.8 · AI score 7.2 · EPSS 0.01067
Exploits 0 · References 7
NVD
added 2024/09/05 3:15 a.m., 56 views

CVE-2024-7627

The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated...

CVSS 8.1 · EPSS 0.02802
Exploits 3 · References 4
OSV
added 2024/09/05 3:15 a.m., 4 views

CVE-2024-7627

The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated...

CVSS 8.1 · AI score 7.5 · EPSS 0.02802
Exploits 3 · References 4
Vulnrichment
added 2024/09/05 2:4 a.m., 20 views

CVE-2024-7627 Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition

The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated...

CVSS 8.1 · AI score 8.3 · EPSS 0.02802
Exploits 3 · References 4
Cvelist
added 2024/09/05 2:4 a.m., 41 views

CVE-2024-7627 Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition

The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated...

CVSS 8.1 · EPSS 0.02802
Exploits 3 · References 4
CVE
added 2024/09/05 2:4 a.m., 79 views

CVE-2024-7627

CVE-2024-7627 affects the WordPress Bit File Manager plugin (versions 6.0–6.5.5). The vulnerability stems from the checkSyntax function writing a temporary PHP file into a publicly accessible directory before validating input, enabling unauthenticated attackers to execute code on the server when ...

CVSS 8.1 · AI score 8.3 · EPSS 0.02802
Exploits 3 · References 4 · Affected Software 1
CNNVD
added 2024/09/05 12:0 a.m., 5 views

WordPress plugin Bit File Manager code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

CVSS 8.1 · AI score 8.3 · EPSS 0.02802
Exploits 3 · References 5
Patchstack
added 2024/09/04 7:4 p.m., 5 views

WordPress Bit File Manager plugin 6.0-6.5.5 - Unauthenticated Remote Code Execution via Race Condition vulnerability

Unauthenticated Remote Code Execution via Race Condition vulnerability discovered by TANG Cheuk Hei (siunam) in WordPress Plugin Bit File Manager versions 6.0-6.5.5...

CVSS 8.1 · AI score 7.5 · EPSS 0.02802
Exploits 3 · References 1 · Affected Software 1
Wordfence Blog
added 2024/09/04 6:57 p.m., 19 views

20,000 WordPress Sites Affected by Remote Code Execution Vulnerability in Bit File Manager WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, an...

CVSS 8.1 · AI score 8.6 · EPSS 0.02802
Exploits 3
Positive Technologies
added 2024/09/04 12:0 a.m., 7 views

PT-2024-38462 · WordPress · Bit File Manager

Name of the Vulnerable Software and Affected Versions: Bit File Manager plugin for WordPress versions 6.0 through 6.5.5 Description: The issue is related to Remote Code Execution. This occurs due to the plugin writing a temporary file to a publicly accessible directory before performing file...

CVSS 8.1 · AI score 7.7 · EPSS 0.02802
Exploits 3 · References 15
Patchstack
added 2024/09/04 12:0 a.m., 15 views

WordPress Bit File Manager Plugin 6.0-6.5.5 is vulnerable to Arbitrary File Upload

Software: Bit File Manager. Type: Plugin. Vulnerable versions: 6.0-6.5.5. Fixed in: 6.5.6. OWASP Top 10: A3: Injection. Classification: Arbitrary File Upload. CVE: CVE-2024-7627. Patch priority: High. CVSS severity: High 8.1. Developer: Claim ownership. PSID: 8d646fb4b08e. Credits: TANG Cheuk Hei (siunam). Required...

CVSS 8.1 · AI score 6.8 · EPSS 0.02802
Exploits 3 · References 3 · Affected Software 1
OSV
added 2024/08/28 8:15 a.m., 1 views

CVE-2023-26321

A path traversal vulnerability exists in the Xiaomi File Manager application productinternational version. The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 1