CVE-2022-3124

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-3124

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3124.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3124

Downstream

UBUNTU-CVE-2022-3124

Published

2022-10-03T14:15:19.833Z

Modified

2026-03-14T11:46:27.106299Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server

References

https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "21.3"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3124.json"