CVE-2022-2046

MEDIUM Year: 2022
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations.

Related Vulnerabilities

CVE-2017-11404

MEDIUM
CVSS:4.9(Medium)

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.

CWE-4342017

CVE-2017-11405

MEDIUM
CVSS:4.9(Medium)

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/modul...

CWE-4342017

CVE-2018-16373

MEDIUM
CVSS:4.9(Medium)

Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.

CWE-4342018

CVE-2018-16397

MEDIUM
CVSS:4.9(Medium)

In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,

CWE-4342018

CVE-2019-8140

MEDIUM
CVSS:4.9(Medium)

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the M...

CWE-4342019

CVE-2020-6975

MEDIUM
CVSS:4.9(Medium)

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious...

CWE-4342020