CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19041 – Media File Manager <= 1.4.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-19041
05 Nov 2018 — The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. El plugin Media File Manager 1.4.2 para WordPress permite Cross-Site Scripting (XSS) en el parámetro dir de una acción mrelocator_getdir en el URI wp-admin/admin-ajax.php. • https://www.exploit-db.com/exploits/45809 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 10%CPEs: 1EXPL: 1CVE-2018-19040 – Media File Manager <= 1.4.2 - Directory Traversal to Directory Listing
https://notcve.org/view.php?id=CVE-2018-19040
11 May 2018 — The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. El plugin Media File Manager 1.4.2 para WordPress permite el listado de directorios mediante un salto de directorio por ../ en el parámetro dir de una acción mrelocator_getdir en el URI wp-admin/admin-ajax.php. The Media File Manager plugin up to and including version 1.4.2 for WordPress allows directory listing via a... • https://www.exploit-db.com/exploits/45809 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 1CVE-2018-19042 – Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Relocation
https://notcve.org/view.php?id=CVE-2018-19042
11 May 2018 — The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI. El plugin Media File Manager 1.4.2 para WordPress permite el movimiento de archivos arbitrario mediante un salto de directorio por ../ en los parámetros dir_from y dir_to de una acción mrelocator_move en el URI wp-admin/admin-ajax.php. • https://www.exploit-db.com/exploits/45809 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 5%CPEs: 1EXPL: 1CVE-2018-19043 – Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Read
https://notcve.org/view.php?id=CVE-2018-19043
11 May 2018 — The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI. El plugin Media File Manager 1.4.2 para WordPress permite renombrar archivos arbitrarios (especificando un nombre de archivo "from" y "to") mediante un salto de directorio por ../ en el parámetro dir de una acción mrelocator_rename en el URI wp-admin/admin-ajax.php. The Me... • https://www.exploit-db.com/exploits/45809 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •