{"containers": {"cna": {"affected": [{"product": "Frontend File Manager Plugin", "vendor": "Unknown", "versions": [{"lessThan": "21.3", "status": "affected", "version": "21.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Raad Haddad of Cloudyrion GmbH"}], "descriptions": [{"lang": "en", "value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T13:45:25", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"}], "source": {"discovery": "EXTERNAL"}, "title": "Frontend File Manager < 21.3 - Unauthenticated File Renaming", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-3124", "STATE": "PUBLIC", "TITLE": "Frontend File Manager < 21.3 - Unauthenticated File Renaming"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Frontend File Manager Plugin", "version": {"version_data": [{"version_affected": "<", "version_name": "21.3", "version_value": "21.3"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Raad Haddad of Cloudyrion GmbH"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.519Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-3124", "datePublished": "2022-10-03T13:45:25", "dateReserved": "2022-09-05T00:00:00", "dateUpdated": "2024-08-03T01:00:10.519Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:najeebmedia:frontend_file_manager:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "03C2E48E-760E-441B-8004-2A4654D4163B", "versionEndExcluding": "21.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server"}, {"lang": "es", "value": "El plugin Frontend File Manager de WordPress versiones anteriores a 21.3, permite a cualquier usuario no autenticado renombrar los archivos descargados por los usuarios. Adem\u00e1s, debido a una falta de comprobaci\u00f3n en el nombre de archivo de destino, esto podr\u00eda permitirles cambiar el contenido de archivos arbitrarios en el servidor web"}], "id": "CVE-2022-3124", "lastModified": "2022-10-04T20:42:58.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-03T14:15:19.833", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "contact@wpscan.com", "type": "Primary"}]}

{}