CVE-2023-5907

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.

Published: Dec 11, 2023
Updated: Dec 14, 2023
CVE: CVE-2023-5907
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-552

Affected Software
References

Software	From	Fixed in
bitapps / file_manager	-	6.3

https://wpscan.com/vulnerability/f250226f-4a05-4d75-93c4-5444a4ce919e

Vulnerability Database

CVE-2023-5907