The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-12-11T19:22:37.067Z

Updated: 2024-08-02T08:14:24.643Z

Reserved: 2023-11-01T15:24:37.072Z

Link: CVE-2023-5907

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-12-11T20:15:07.263

Modified: 2023-12-13T19:55:59.017

Link: CVE-2023-5907

cve-icon Redhat

No data.