{"containers":{"cna":{"affected":[{"product":"Frontend File Manager Plugin","vendor":"Unknown","versions":[{"lessThan":"21.3","status":"affected","version":"21.3","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Raad Haddad of Cloudyrion GmbH"}],"descriptions":[{"lang":"en","value":"The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-10-03T13:45:25.000Z","orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan"},"references":[{"tags":["x_refsource_MISC"],"url":"https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"}],"source":{"discovery":"EXTERNAL"},"title":"Frontend File Manager < 21.3 - Unauthenticated File Renaming","x_generator":"WPScan CVE Generator","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"contact@wpscan.com","ID":"CVE-2022-3124","STATE":"PUBLIC","TITLE":"Frontend File Manager < 21.3 - Unauthenticated File Renaming"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Frontend File Manager Plugin","version":{"version_data":[{"version_affected":"<","version_name":"21.3","version_value":"21.3"}]}}]},"vendor_name":"Unknown"}]}},"credit":[{"lang":"eng","value":"Raad Haddad of Cloudyrion GmbH"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server"}]},"generator":"WPScan CVE Generator","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-862 Missing Authorization"}]}]},"references":{"reference_data":[{"name":"https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608","refsource":"MISC","url":"https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"}]},"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T01:00:10.519Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2022-3124","datePublished":"2022-10-03T13:45:25.000Z","dateReserved":"2022-09-05T00:00:00.000Z","dateUpdated":"2024-08-03T01:00:10.519Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}