CVE-2022-3125 (GCVE-0-2022-3125)

Vulnerability from cvelistv5 – Published: 2022-10-03 13:45 – Updated: 2024-08-03 01:00
VLAI
Title
Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload
Summary
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE
Severity
No CVSS data available.
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
Vendor Product Version
Unknown Frontend File Manager Plugin Affected: 21.3 , < 21.3 (custom)
Create a notification for this product.
Credits
Raad Haddad of Cloudyrion GmbH
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.419Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Frontend File Manager Plugin",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "21.3",
              "status": "affected",
              "version": "21.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Raad Haddad of Cloudyrion GmbH"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-03T13:45:26.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Frontend File Manager \u003c 21.3 - Subscriber+ Arbitrary File Upload",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-3125",
          "STATE": "PUBLIC",
          "TITLE": "Frontend File Manager \u003c 21.3 - Subscriber+ Arbitrary File Upload"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Frontend File Manager Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "21.3",
                            "version_value": "21.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Raad Haddad of Cloudyrion GmbH"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-3125",
    "datePublished": "2022-10-03T13:45:26.000Z",
    "dateReserved": "2022-09-05T00:00:00.000Z",
    "dateUpdated": "2024-08-03T01:00:10.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-3125",
      "date": "2026-05-31",
      "epss": "0.01508",
      "percentile": "0.81483"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:najeebmedia:frontend_file_manager:*:*:*:*:*:wordpress:*:*\", \"versionEndExcluding\": \"21.3\", \"matchCriteriaId\": \"03C2E48E-760E-441B-8004-2A4654D4163B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE\"}, {\"lang\": \"es\", \"value\": \"El plugin Frontend File Manager Plugin de WordPress versiones anteriores a 21.3, permite a cualquier usuario autenticado, como el suscriptor, renombrar un archivo a una extensi\\u00f3n arbitraria, como PHP, lo que podr\\u00eda permitirles b\\u00e1sicamente ser capaces de descargar archivos arbitrarios en el servidor y lograr un RCE\"}]",
      "id": "CVE-2022-3125",
      "lastModified": "2024-11-21T07:18:52.697",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2022-10-03T14:15:20.433",
      "references": "[{\"url\": \"https://wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e\", \"source\": \"contact@wpscan.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "contact@wpscan.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"contact@wpscan.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-3125\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2022-10-03T14:15:20.433\",\"lastModified\":\"2024-11-21T07:18:52.697\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE\"},{\"lang\":\"es\",\"value\":\"El plugin Frontend File Manager Plugin de WordPress versiones anteriores a 21.3, permite a cualquier usuario autenticado, como el suscriptor, renombrar un archivo a una extensi\u00f3n arbitraria, como PHP, lo que podr\u00eda permitirles b\u00e1sicamente ser capaces de descargar archivos arbitrarios en el servidor y lograr un RCE\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"contact@wpscan.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:najeebmedia:frontend_file_manager:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"21.3\",\"matchCriteriaId\":\"03C2E48E-760E-441B-8004-2A4654D4163B\"}]}]}],\"references\":[{\"url\":\"https://wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.