CVE-2023-3814

MEDIUM Year: 2023
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.

Related Vulnerabilities

CVE-2017-6816

MEDIUM
CVSS:4.9(Medium)

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.

CWE-8632017

CVE-2020-15120

MEDIUM
CVSS:4.9(Medium)

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be fur...

CWE-8632020

CVE-2020-26028

MEDIUM
CVSS:4.9(Medium)

An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.

CWE-8632020

CVE-2021-22186

MEDIUM
CVSS:4.9(Medium)

An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners

CWE-8632021

CVE-2021-22535

MEDIUM
CVSS:4.9(Medium)

Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could ...

CWE-8632021

CVE-2021-29158

MEDIUM
CVSS:4.9(Medium)

Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.

CWE-8632021