Search criteria
2 vulnerabilities by mediajedi
CVE-2024-7848 (GCVE-0-2024-7848)
Vulnerability from cvelistv5 – Published: 2024-08-22 10:58 – Updated: 2024-08-22 13:11
VLAI?
Title
User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access
Summary
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to gain access to other user's private files.
Severity ?
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| deepakkite | User Private Files – WordPress File Sharing Plugin |
Affected:
* , ≤ 2.1.0
(semver)
|
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T13:11:04.249310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T13:11:38.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "User Private Files \u2013 WordPress File Sharing Plugin",
"vendor": "deepakkite",
"versions": [
{
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The User Private Files \u2013 WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the \u0027dpk_upvf_update_doc\u0027 due to missing validation on the \u0027docid\u0027 user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to gain access to other user\u0027s private files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T10:58:41.183Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb06de8-97d6-46c3-83ef-93a209540259?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3136913%40user-private-files\u0026new=3136913%40user-private-files\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-21T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "User Private Files \u003c= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-7848",
"datePublished": "2024-08-22T10:58:41.183Z",
"dateReserved": "2024-08-15T15:55:51.526Z",
"dateUpdated": "2024-08-22T13:11:38.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2356 (GCVE-0-2022-2356)
Vulnerability from cvelistv5 – Published: 2022-08-08 13:46 – Updated: 2024-08-03 00:32
VLAI?
Title
User Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload
Summary
The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded.
Severity ?
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Frontend File Manager & Sharing – User Private Files |
Affected:
1.1.3 , < 1.1.3
(custom)
|
Credits
Raad Haddad
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/67f3948e-27d4-47a8-8572-616143b9cf43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Frontend File Manager \u0026 Sharing \u2013 User Private Files",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "1.1.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Frontend File Manager \u0026 Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-08T13:46:51",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/67f3948e-27d4-47a8-8572-616143b9cf43"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "User Private Files \u003c 1.1.3 - Subscriber+ Arbitrary File Upload",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2356",
"STATE": "PUBLIC",
"TITLE": "User Private Files \u003c 1.1.3 - Subscriber+ Arbitrary File Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Frontend File Manager \u0026 Sharing \u2013 User Private Files",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.3",
"version_value": "1.1.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Frontend File Manager \u0026 Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/67f3948e-27d4-47a8-8572-616143b9cf43",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/67f3948e-27d4-47a8-8572-616143b9cf43"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2356",
"datePublished": "2022-08-08T13:46:51",
"dateReserved": "2022-07-08T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}