CVE-2022-3076 (GCVE-0-2022-3076)
Vulnerability from cvelistv5 – Published: 2022-09-26 12:35 – Updated: 2025-05-22 15:41
VLAI?
Summary
The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.
Severity ?
7.2 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | CM Download Manager |
Affected:
2.8.6 , < 2.8.6
(custom)
|
Credits
Mika
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:09.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3076",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T15:40:45.891130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T15:41:20.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CM Download Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.8.6",
"status": "affected",
"version": "2.8.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mika"
}
],
"descriptions": [
{
"lang": "en",
"value": "The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin\u0027s setting, which could be used by admins of multisite blog to upload PHP files for example."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-26T12:35:42.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CM Download Manager \u003c 2.8.6 - Admin+ Arbitrary File Upload",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-3076",
"STATE": "PUBLIC",
"TITLE": "CM Download Manager \u003c 2.8.6 - Admin+ Arbitrary File Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CM Download Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.8.6",
"version_value": "2.8.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mika"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin\u0027s setting, which could be used by admins of multisite blog to upload PHP files for example."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3076",
"datePublished": "2022-09-26T12:35:42.000Z",
"dateReserved": "2022-09-01T00:00:00.000Z",
"dateUpdated": "2025-05-22T15:41:20.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cminds:cm_download_manager:*:*:*:*:*:wordpress:*:*\", \"versionEndExcluding\": \"2.8.6\", \"matchCriteriaId\": \"E3B2416C-5A22-44E8-9B07-D3D4A498F11E\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin\u0027s setting, which could be used by admins of multisite blog to upload PHP files for example.\"}, {\"lang\": \"es\", \"value\": \"El plugin CM Download Manager de WordPress versiones anteriores a 2.8.6, permite a usuarios con altos privilegios, como los administradores, subir archivos arbitrarios estableciendo cualquier extensi\\u00f3n por medio de la configuraci\\u00f3n del plugin, lo que podr\\u00eda ser usado por los administradores de un blog multisitio para descargar archivos PHP, por ejemplo.\\n\"}]",
"id": "CVE-2022-3076",
"lastModified": "2024-11-21T07:18:46.420",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}]}",
"published": "2022-09-26T13:15:11.090",
"references": "[{\"url\": \"https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd\", \"source\": \"contact@wpscan.com\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"contact@wpscan.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-3076\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2022-09-26T13:15:11.090\",\"lastModified\":\"2025-05-22T16:15:53.110\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin\u0027s setting, which could be used by admins of multisite blog to upload PHP files for example.\"},{\"lang\":\"es\",\"value\":\"El plugin CM Download Manager de WordPress versiones anteriores a 2.8.6, permite a usuarios con altos privilegios, como los administradores, subir archivos arbitrarios estableciendo cualquier extensi\u00f3n por medio de la configuraci\u00f3n del plugin, lo que podr\u00eda ser usado por los administradores de un blog multisitio para descargar archivos PHP, por ejemplo.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"contact@wpscan.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cminds:cm_download_manager:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"2.8.6\",\"matchCriteriaId\":\"E3B2416C-5A22-44E8-9B07-D3D4A498F11E\"}]}]}],\"references\":[{\"url\":\"https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:00:09.712Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-3076\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-22T15:40:45.891130Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-22T15:41:03.830Z\"}}], \"cna\": {\"title\": \"CM Download Manager \u003c 2.8.6 - Admin+ Arbitrary File Upload\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Mika\"}], \"affected\": [{\"vendor\": \"Unknown\", \"product\": \"CM Download Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.8.6\", \"lessThan\": \"2.8.6\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd\", \"tags\": [\"x_refsource_MISC\"]}], \"x_generator\": \"WPScan CVE Generator\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin\u0027s setting, which could be used by admins of multisite blog to upload PHP files for example.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81\", \"shortName\": \"WPScan\", \"dateUpdated\": \"2022-09-26T12:35:42.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Mika\"}], \"source\": {\"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_name\": \"2.8.6\", \"version_value\": \"2.8.6\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"CM Download Manager\"}]}, \"vendor_name\": \"Unknown\"}]}}, \"data_type\": \"CVE\", \"generator\": \"WPScan CVE Generator\", \"references\": {\"reference_data\": [{\"url\": \"https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd\", \"name\": \"https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin\u0027s setting, which could be used by admins of multisite blog to upload PHP files for example.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-3076\", \"STATE\": \"PUBLIC\", \"TITLE\": \"CM Download Manager \u003c 2.8.6 - Admin+ Arbitrary File Upload\", \"ASSIGNER\": \"contact@wpscan.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-3076\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-22T15:41:20.288Z\", \"dateReserved\": \"2022-09-01T00:00:00.000Z\", \"assignerOrgId\": \"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81\", \"datePublished\": \"2022-09-26T12:35:42.000Z\", \"assignerShortName\": \"WPScan\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…