CVE-2022-4748

CRITICAL Year: 2022
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-22
View all →

Vulnerability Description

A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to path traversal. The name of the patch is 5d5c7f6d8f072d14926fc2c3a97cdd763802f170. It is recommended to apply a patch to fix this issue. The identifier VDB-216861 was assigned to this vulnerability.

Related Vulnerabilities

CVE-2004-0847

CRITICAL
CVSS:9.8(Critical)

The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash)...

CWE-222004

CVE-2005-10002

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The man...

CWE-222005

CVE-2006-7079

CRITICAL
CVSS:9.8(Critical)

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute ...

CWE-222006

CVE-2007-4559

CRITICAL
CVSS:9.8(Critical)

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) ...

CWE-222007

CVE-2009-1936

CRITICAL
CVSS:9.8(Critical)

_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct r...

CWE-222009