漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Deletion via Saved File Metadata Path Traversal
Vulnerability Description
The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server (such as wp-config.php) when guest upload mode is enabled. Deleting wp-config.php forces the site into its setup routine, which can be leveraged toward a full site takeover.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
nmedia Frontend File Manager Plugin 输入验证错误漏洞
Vulnerability Description
N-Media Frontend File Manager Plugin是N-Media个人开发者的一款前端文件管理器插件。 nmedia Frontend File Manager Plugin 23.6及之前版本存在输入验证错误漏洞,该漏洞源于未验证用户输入的文件路径,允许未经验证的用户在启用访客上传模式时删除服务器上的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A