CVE-2022-3124 (GCVE-0-2022-3124)
Vulnerability from cvelistv5 – Published: 2022-10-03 13:45 – Updated: 2024-08-03 01:00
VLAI?
Title
Frontend File Manager < 21.3 - Unauthenticated File Renaming
Summary
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Frontend File Manager Plugin |
Affected:
21.3 , < 21.3
(custom)
|
Credits
Raad Haddad of Cloudyrion GmbH
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Frontend File Manager Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "21.3",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T13:45:25",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Frontend File Manager \u003c 21.3 - Unauthenticated File Renaming",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-3124",
"STATE": "PUBLIC",
"TITLE": "Frontend File Manager \u003c 21.3 - Unauthenticated File Renaming"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Frontend File Manager Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3124",
"datePublished": "2022-10-03T13:45:25",
"dateReserved": "2022-09-05T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:najeebmedia:frontend_file_manager:*:*:*:*:*:wordpress:*:*\", \"versionEndExcluding\": \"21.3\", \"matchCriteriaId\": \"03C2E48E-760E-441B-8004-2A4654D4163B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server\"}, {\"lang\": \"es\", \"value\": \"El plugin Frontend File Manager de WordPress versiones anteriores a 21.3, permite a cualquier usuario no autenticado renombrar los archivos descargados por los usuarios. Adem\\u00e1s, debido a una falta de comprobaci\\u00f3n en el nombre de archivo de destino, esto podr\\u00eda permitirles cambiar el contenido de archivos arbitrarios en el servidor web\"}]",
"id": "CVE-2022-3124",
"lastModified": "2024-11-21T07:18:52.577",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
"published": "2022-10-03T14:15:19.833",
"references": "[{\"url\": \"https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608\", \"source\": \"contact@wpscan.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"contact@wpscan.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-3124\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2022-10-03T14:15:19.833\",\"lastModified\":\"2024-11-21T07:18:52.577\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server\"},{\"lang\":\"es\",\"value\":\"El plugin Frontend File Manager de WordPress versiones anteriores a 21.3, permite a cualquier usuario no autenticado renombrar los archivos descargados por los usuarios. Adem\u00e1s, debido a una falta de comprobaci\u00f3n en el nombre de archivo de destino, esto podr\u00eda permitirles cambiar el contenido de archivos arbitrarios en el servidor web\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"contact@wpscan.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:najeebmedia:frontend_file_manager:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"21.3\",\"matchCriteriaId\":\"03C2E48E-760E-441B-8004-2A4654D4163B\"}]}]}],\"references\":[{\"url\":\"https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…