RSS   Vulnerabilities for 'Media file manager'   RSS

2019-01-31
 
CVE-2018-19043

CWE-22
 

 
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.

 
 
CVE-2018-19042

CWE-22
 

 
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI.

 
 
CVE-2018-19041

CWE-79
 

 
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.

 
 
CVE-2018-19040

CWE-22
 

 
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.

 


Copyright 2024, cxsecurity.com

 

Back to Top