{"containers": {"cna": {"affected": [{"product": "CM Download Manager", "vendor": "Unknown", "versions": [{"lessThan": "2.8.6", "status": "affected", "version": "2.8.6", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Mika"}], "descriptions": [{"lang": "en", "value": "The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-26T12:35:42", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd"}], "source": {"discovery": "EXTERNAL"}, "title": "CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-3076", "STATE": "PUBLIC", "TITLE": "CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CM Download Manager", "version": {"version_data": [{"version_affected": "<", "version_name": "2.8.6", "version_value": "2.8.6"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Mika"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:09.712Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-3076", "datePublished": "2022-09-26T12:35:42", "dateReserved": "2022-09-01T00:00:00", "dateUpdated": "2024-08-03T01:00:09.712Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cminds:cm_download_manager:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E3B2416C-5A22-44E8-9B07-D3D4A498F11E", "versionEndExcluding": "2.8.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example."}, {"lang": "es", "value": "El plugin CM Download Manager de WordPress versiones anteriores a 2.8.6, permite a usuarios con altos privilegios, como los administradores, subir archivos arbitrarios estableciendo cualquier extensi\u00f3n por medio de la configuraci\u00f3n del plugin, lo que podr\u00eda ser usado por los administradores de un blog multisitio para descargar archivos PHP, por ejemplo.\n"}], "id": "CVE-2022-3076", "lastModified": "2024-11-21T07:18:46.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-26T13:15:11.090", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "contact@wpscan.com", "type": "Secondary"}]}

{}