Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Filr by Unknown
CVE-2023-5762 (GCVE-0-2023-5762)
Vulnerability from nvd – Published: 2023-12-04 21:28 – Updated: 2024-08-02 08:07
VLAI
EPSS
VEX
Title
Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext
Summary
The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/6ad99725-eccc-4b… | exploitvdb-entrytechnical-description |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Filr",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmtirii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T21:28:22.256Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Filr \u2013 Secure document library \u003c 1.2.3.6 - Author+ RCE via file upload with phar ext",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-5762",
"datePublished": "2023-12-04T21:28:22.256Z",
"dateReserved": "2023-10-25T03:27:18.484Z",
"dateUpdated": "2024-08-02T08:07:32.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5762 (GCVE-0-2023-5762)
Vulnerability from cvelistv5 – Published: 2023-12-04 21:28 – Updated: 2024-08-02 08:07
VLAI
EPSS
VEX
Title
Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext
Summary
The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/6ad99725-eccc-4b… | exploitvdb-entrytechnical-description |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Filr",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmtirii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T21:28:22.256Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Filr \u2013 Secure document library \u003c 1.2.3.6 - Author+ RCE via file upload with phar ext",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-5762",
"datePublished": "2023-12-04T21:28:22.256Z",
"dateReserved": "2023-10-25T03:27:18.484Z",
"dateUpdated": "2024-08-02T08:07:32.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}