3 matches found
CVE-2024-8126 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'classfmaconnector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an...
CVE-2024-8126 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'classfmaconnector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an...
WordPress Advanced File Manager Plugin <= 5.2.8 is vulnerable to Arbitrary File Upload
Software Advanced File Manager Type Plugin Vulnerable versions = 5.2.8 Fixed in 5.2.9 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8126 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4f8af42b2013 Credits TANG Cheuk Hei siunam Required...