Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-3124

CWE-862 — Missing Authorization6 documents6 sources

Severity

5.3MEDIUM

EPSS

8.7%

top 7.54%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Unknown Frontend File Manager Plugin Najeebmedia Frontend File Manager

Timeline

PublishedOct 3

Latest updateOct 4

Description

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5unknown/frontend_file_manager_plugin21.3 — 21.3

▶NVDnajeebmedia/frontend_file_manager< 21.3

🔴Vulnerability Details

GHSA

GHSA-wvhv-jqpm-79vj: The Frontend File Manager Plugin WordPress plugin before 21↗2022-10-04

▶

OSV

CVE-2022-3124: The Frontend File Manager Plugin WordPress plugin before 21↗2022-10-03

▶

CVEList

Frontend File Manager < 21.3 - Unauthenticated File Renaming↗2022-10-03

▶

VulnCheck

najeebmedia frontend_file_manager Missing Authorization↗2022

▶

💥Exploits & PoCs

Nuclei

Frontend File Manager < 21.3 - Unauthenticated File Renaming

▶