Search criteria
2 vulnerabilities found for Change Uploaded File Permissions by Unknown
CVE-2022-1788 (GCVE-0-2022-1788)
Vulnerability from nvd – Published: 2022-06-13 12:42 – Updated: 2024-08-03 00:16
VLAI
Title
Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF
Summary
Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/c39719e5-dadd-44… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Change Uploaded File Permissions |
Affected:
4.0.0 , ≤ 4.0.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Change Uploaded File Permissions",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "4.0.0",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T12:42:55.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Change Uploaded File Permissions \u003c= 4.0.0 - File Permission Update via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1788",
"STATE": "PUBLIC",
"TITLE": "Change Uploaded File Permissions \u003c= 4.0.0 - File Permission Update via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Change Uploaded File Permissions",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.0.0",
"version_value": "4.0.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1788",
"datePublished": "2022-06-13T12:42:55.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:16:59.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1788 (GCVE-0-2022-1788)
Vulnerability from cvelistv5 – Published: 2022-06-13 12:42 – Updated: 2024-08-03 00:16
VLAI
Title
Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF
Summary
Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/c39719e5-dadd-44… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Change Uploaded File Permissions |
Affected:
4.0.0 , ≤ 4.0.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Change Uploaded File Permissions",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "4.0.0",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T12:42:55.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Change Uploaded File Permissions \u003c= 4.0.0 - File Permission Update via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1788",
"STATE": "PUBLIC",
"TITLE": "Change Uploaded File Permissions \u003c= 4.0.0 - File Permission Update via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Change Uploaded File Permissions",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.0.0",
"version_value": "4.0.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c39719e5-dadd-4414-a96d-5e70a1e3d462"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1788",
"datePublished": "2022-06-13T12:42:55.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:16:59.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}