CVE-2024-5598
Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder.
El complemento Advanced File Manager para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 5.2.4 incluida a través de la función 'fma_local_file_system'. Esto hace posible que atacantes no autenticados extraigan datos confidenciales, incluidas copias de seguridad u otra información confidencial, si los archivos se han movido a la carpeta Papelera integrada.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-06-03 CVE Reserved
- 2024-06-28 CVE Published
- 2024-08-01 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-922: Insecure Storage of Sensitive Information
CAPEC
References (3)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Modalweb Search vendor "Modalweb" | Advanced File Manager Search vendor "Modalweb" for product "Advanced File Manager" | <= 5.2.4 Search vendor "Modalweb" for product "Advanced File Manager" and version " <= 5.2.4" | en |
Affected
| ||||||