CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32268 – Administrator equivalent Filr user can access proxy administrator credentials
https://notcve.org/view.php?id=CVE-2023-32268
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. Exposición de las credenciales de administrador proxy un usuario de Filr equivalente a un administrador autenticado puede acceder a las credenciales de los administradores proxy. • https://portal.microfocus.com/s/article/KM000020081?language=en_US • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5762 – Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext
https://notcve.org/view.php?id=CVE-2023-5762
The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. El complemento Filr de WordPress anterior a 1.2.3.6 es afectado por una vulnerabilidad RCE (ejecución remota de código), que permite al sistema operativo ejecutar comandos y comprometer completamente el servidor en nombre de un usuario con privilegios de nivel de autor. The Filr – Secure document library plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 1.2.3.5 (inclusive). This makes it possible for authenticated attackers, with author-level or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38755 – Filr Remote unauthenticated user enumeration for versions prior to 4.3.1.1
https://notcve.org/view.php?id=CVE-2022-38755
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1. Se ha identificado una vulnerabilidad en Micro Focus Filr en versiones anteriores a la 4.3.1.1. • https://portal.microfocus.com/s/article/KM000011886?language=en_US •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1777 – Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls
https://notcve.org/view.php?id=CVE-2022-1777
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as delete all files or arbitrary ones. El plugin Filr de WordPress versiones anteriores a 1.2.2.1, no presenta comprobación de autorización en dos de sus acciones AJAX, lo que permite que sean llamadas por cualquier usuario autenticado, como el suscriptor. Están protegidas con un nonce, sin embargo el nonce es filtrado en el dashboard. • https://wpscan.com/vulnerability/a50dc7f8-a9e6-41fa-a047-ad1c3bc309b4 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25838
https://notcve.org/view.php?id=CVE-2020-25838
Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information. Una vulnerabilidad de divulgación de información confidencial no autorizada en el producto Micro Focus Filr. Afectando a todas las versiones 3.x y 4.x. • https://softwaresupport.softwaregrp.com/doc/KM03767186 •