CVE-2020-35235

{"id": "CVE-2020-35235", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-12-14T03:15:13.370", "references": [{"url": "https://blog.nintechnet.com/authenticated-rce-vulnerability-in-wordpress-secure-file-manager-plugin-unpatched/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wordpress.org/plugins/secure-file-manager/#developers", "tags": ["Product", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"}, {"lang": "es", "value": "**NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** El archivo vendor/elfinder/php/connector.minimal.php en el plugin Secure-File-Manager versiones hasta 2.5 para WordPress, carga el c\u00f3digo elFinder sin el control de acceso apropiado. Por lo tanto, cualquier usuario autenticado puede ejecutar el comando de carga elFinder para lograr una ejecuci\u00f3n de c\u00f3digo remota. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor."}], "lastModified": "2024-06-11T16:15:15.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:themexa:secure_file_manager:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B2CFC048-CB75-421E-846D-889A54EAA044", "versionEndIncluding": "2.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}