How severe is CVE-2023-6825?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2023-6825?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2023-6825

CRITICAL Year: 2023

CVSS v3 Score

9.9

Critical

Weakness Type

CWE-22

View all →

Vulnerability Description

The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users.

CVE-2018-16367

CRITICAL

CVSS:9.9(Critical)

In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include.

CWE-222018

CVE-2018-18809

CRITICAL

CVSS:9.9(Critical)

The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperRep...

CWE-222018

CVE-2018-19586

CRITICAL

CVSS:9.9(Critical)

Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a St...

CWE-222018

CVE-2019-11510

CRITICAL

CVSS:9.9(Critical)

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary ...

CWE-222019

CVE-2019-13343

CRITICAL

CVSS:9.9(Critical)

Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers ...

CWE-222019

CVE-2020-6142

CRITICAL

CVSS:9.9(Critical)

A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP reques...

CWE-222020

CVE-2023-6825

Vulnerability Description

Related Vulnerabilities

CVE-2018-16367

CVE-2018-18809

CVE-2018-19586

CVE-2019-11510

CVE-2019-13343

CVE-2020-6142