CVE-2023-5907

File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.

El complemento File Manager de WordPress anterior a 6.3 no restringe el directorio raíz de los administradores de archivos, lo que permite a un administrador establecer una raíz fuera del directorio raíz de WordPress, brindando acceso a archivos y directorios del sistema incluso en una configuración de múltiples sitios, donde los administradores de sitios no deberían tener permiso para modificar los archivos del sitio.

The File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.2 via the Root Folder Path setting. This makes it possible for authenticated attackers, with administrative-level access and above, to read the contents of arbitrary files on the server (past the root WordPress instance), which can contain sensitive information.

*Credits: Dmitrii Ignatyev, WPScan

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-11-01 CVE Reserved
2023-11-20 CVE Published
2024-08-02 CVE Updated
2024-08-02 First Exploit
2024-11-10 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-552: Files or Directories Accessible to External Parties

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://wpscan.com/vulnerability/f250226f-4a05-4d75-93c4-5444a4ce919e	2024-08-02

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bitapps Search vendor "Bitapps"		File Manager Search vendor "Bitapps" for product "File Manager"				< 6.3 Search vendor "Bitapps" for product "File Manager" and version " < 6.3"		wordpress		Affected