Lucene search
Raad Haddad of Cloudyrion GmbHWPEX-ID:D3D9DC9A-226B-4F76-995E-E2AF1DD6B17EHistorySep 07, 2022 - 12:00 a.m.
Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload
2022-09-0700:00:00
Raad Haddad of Cloudyrion GmbH
249
arbitrary file upload
frontend file manager
subscriber
malicious file
php
pdf
rename
accessible
https
EPSS
0.001
Percentile
42.9%
The plugin allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE
1. Navigate to the page where [ffmwp] shortcode is included as Subscriber
2. Upload the malicious PHP file as PDF file (e.g., exploit.pdf)
3. View the file and rename it from exploit.pdf to exploit.php
The file will be accessible via https://example.com/wp-content/uploads/user_uploads/<username>/exploit.phpRelated
wpvulndb
wpvulndb
Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload
2022-09-07 00:00:00
patchstack
patchstack
ubuntucve
ubuntucve
CVE-2022-3125
2022-10-03 00:00:00
cnvd
cnvd
WordPress Frontend File Manager Arbitrary File Upload Vulnerability
2022-10-11 00:00:00
nvd
nvd
CVE-2022-3125
2022-10-03 14:15:20
prion
prion
Design/Logic Flaw
2022-10-03 14:15:00
cvelist
cvelist
cve
cve
CVE-2022-3125
2022-10-03 14:15:20