CVE-2024-8746
CVE-2024-8746
Título es
CVE-2024-8746
Mié, 16/10/2024 – 07:15
Tipo
CWE-434
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-8746
Descripción en
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site's server which may make remote code execution possible.
16/10/2024
16/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Gravedad 3.1 (CVSS 3.1 Base Score)
7.50
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Referencias
Enviar en el boletín
Off
