4 matches found
CVE-2022-3076
The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example...
CVE-2022-3076
CM Download Manager for WordPress (plugin before 2.8.6) allows high-privilege users (admin) to upload arbitrary files by adding extensions (e.g., PHP) in Settings, without proper validation. This can enable an authenticated admin to place malicious PHP files in the site uploads path, with PoC evi...
CVE-2022-3076 CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload
The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example...
CVE-2022-3076 CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload
The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example...