cvelist/2022/3xxx/CVE-2022-3124.json

{
  "CVE_data_meta": {
    "ID": "CVE-2022-3124",
    "ASSIGNER": "contact@wpscan.com",
    "STATE": "PUBLIC",
    "TITLE": "Frontend File Manager < 21.3 - Unauthenticated File Renaming"
  },
  "data_format": "MITRE",
  "data_type": "CVE",
  "data_version": "4.0",
  "generator": "WPScan CVE Generator",
  "affects": {
    "vendor": {
      "vendor_data": [
        {
          "vendor_name": "Unknown",
          "product": {
            "product_data": [
              {
                "product_name": "Frontend File Manager Plugin",
                "version": {
                  "version_data": [
                    {
                      "version_affected": "<",
                      "version_name": "21.3",
                      "version_value": "21.3"
                    }
                  ]
                }
              }
            ]
          }
        }
      ]
    }
  },
  "description": {
    "description_data": [
      {
        "lang": "eng",
        "value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server"
      }
    ]
  },
  "references": {
    "reference_data": [
      {
        "refsource": "MISC",
        "url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608",
        "name": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"
      }
    ]
  },
  "problemtype": {
    "problemtype_data": [
      {
        "description": [
          {
            "value": "CWE-862 Missing Authorization",
            "lang": "eng"
          }
        ]
      }
    ]
  },
  "credit": [
    {
      "lang": "eng",
      "value": "Raad Haddad of Cloudyrion GmbH"
    }
  ],
  "source": {
    "discovery": "EXTERNAL"
  }
}
"-Synchronized-Data." 2022-09-05 11:00:33 +00:00			`{`
Adds CVEs 2022-10-03 15:44:03 +02:00			`"CVE_data_meta": {`
			`"ID": "CVE-2022-3124",`
			`"ASSIGNER": "contact@wpscan.com",`
			`"STATE": "PUBLIC",`
			`"TITLE": "Frontend File Manager < 21.3 - Unauthenticated File Renaming"`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"generator": "WPScan CVE Generator",`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Unknown",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Frontend File Manager Plugin",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_name": "21.3",`
			`"version_value": "21.3"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server"`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "MISC",`
			`"url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608",`
			`"name": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"value": "CWE-862 Missing Authorization",`
			`"lang": "eng"`
			`}`
"-Synchronized-Data." 2022-09-05 11:00:33 +00:00			`]`
Adds CVEs 2022-10-03 15:44:03 +02:00			`}`
			`]`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Raad Haddad of Cloudyrion GmbH"`
"-Synchronized-Data." 2022-09-05 11:00:33 +00:00			`}`
Adds CVEs 2022-10-03 15:44:03 +02:00			`],`
			`"source": {`
			`"discovery": "EXTERNAL"`
			`}`
"-Synchronized-Data." 2022-09-05 11:00:33 +00:00			`}`