Permalink
CVE-2022-47599
5.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): LOW
WordPress File Manager Plugin <= 5.2.7 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a through 5.2.7.
References
- https://patchstack.com/database/vulnerability/file-manager/wordpress-bit-file-m… vdb-entry
- https://patchstack.com/database/vulnerability/file-manager/wordpress-bit-file-m… x_transferred vdb-entry
- https://patchstack.com/database/vulnerability/file-manager/wordpress-bit-file-m… vdb-entry
- https://patchstack.com/database/vulnerability/file-manager/wordpress-bit-file-m… x_transferred vdb-entry
Affected products
file-manager
- =<5.2.7
Matching in nixpkgs
pkgs.python312Packages.show-in-file-manager
Open the system file manager and select files in it
-
nixos-unstable -
- nixpkgs-unstable 1.1.5
pkgs.python313Packages.show-in-file-manager
Open the system file manager and select files in it
-
nixos-unstable -
- nixpkgs-unstable 1.1.5