Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Advanced File Manager 5.2.8

  • Severity: high-risk
  • Status: Fixed
  • Publication: September 25, 2024

The Advanced File Manager plugin for WordPress has a security issue that allows attackers to upload any type of file through a specific file called ‘class_fma_connector.php’. This vulnerability exists in all versions up to and including 5.2.8. If an attacker has been given permissions by an Administrator and has Subscriber-level access, they can upload a new .htaccess file which gives them the ability to upload any file they want onto the website’s server. This could potentially lead to the attacker being able to execute code remotely on the affected site.

Detected in:

Advance File Manager – Ultimate File Manager And Document Library fixed vulnerable versions:
Advanced File Manager fixed vulnerable versions: >= * <= 5.2.8
Advanced File Manager – Ultimate WP File Manager And Document Library Solution fixed vulnerable versions:
Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.