Source |
CVE List |
Identifier |
4395076 |
Publication date |
2022-04-04 16:15:09 (viewed: 2022-04-04 19:06:30) |
Title |
CVE-2022-0403 |
Text |
The Library File Manager WordPress plugin before 5.2.3 uses an outdated version of the elFinder library, which is known to be affected by security issues (CVE-2021-32682), and does not have any authorisation or CSRF checks in its connector AJAX action, allowing any authenticated user, such as a subscriber, to call it. Furthermore, as the options passed to the elFinder library do not restrict any file type, users with a role as low as subscriber can create, upload and delete arbitrary files and folders. |
Sent |
Yes |
Tags |
|
Stories |
APT 33
|
Notes |
|