Arbitrary File Uploads Vulnerability in Bit File Manager
CVE-2024-7770

8.8 HIGH

Key Information:

Summary

The Bit File Manager, a widely used file management tool for WordPress, is subject to a vulnerability that allows authenticated attackers with Subscriber-level access and upload permissions to upload arbitrary files. The flaw stems from insufficient validation of file types in the upload function and affects all versions up to and including 6.5.5. A malicious user could exploit it to place harmful files on the server, which raises concerns about remote code execution and overall site security.
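As an added, defender-side illustration (not code from Bit File Manager or from this advisory), the handler below shows how a WordPress upload path can check the user's capability and validate the file type from its content rather than from the client-supplied name; the function name and error codes are hypothetical, and it uses only WordPress core functions.

```php
<?php
// Added illustration, not Bit File Manager code. bfm_demo_handle_upload() is a
// hypothetical name; $file is one entry of PHP's $_FILES array.
function bfm_demo_handle_upload( array $file ) {
    // 1. Capability check: the advisory notes that Subscriber-level accounts
    //    with upload permission were enough, so gate on the real capability.
    if ( ! current_user_can( 'upload_files' ) ) {
        return new WP_Error( 'forbidden', 'Insufficient privileges.' );
    }
    if ( ! isset( $file['tmp_name'], $file['name'] ) || ! is_uploaded_file( $file['tmp_name'] ) ) {
        return new WP_Error( 'bad_upload', 'No uploaded file.' );
    }

    // 2. Validate type from file content and name together, against the
    //    site's allowed MIME list; wp_check_filetype_and_ext() returns
    //    false for 'ext' and 'type' when the two disagree or are not allowed.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], get_allowed_mime_types() );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'bad_type', 'File type is not permitted.' );
    }

    // 3. Defence in depth: never store anything the web server could execute,
    //    even if a filter has added such a type to the allowed list. Checking
    //    every dot-separated part also rejects double extensions (x.php.png).
    $deny  = array( 'php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar', 'shtml', 'htaccess' );
    $parts = explode( '.', strtolower( $file['name'] ) );
    foreach ( $parts as $part ) {
        if ( in_array( $part, $deny, true ) ) {
            return new WP_Error( 'bad_type', 'Executable file types are never permitted.' );
        }
    }

    // 4. Store under a server-chosen random name with the validated extension,
    //    so the client never controls the final path or extension.
    $upload_dir = wp_upload_dir();
    $target     = trailingslashit( $upload_dir['path'] )
                . wp_generate_password( 16, false ) . '.' . $check['ext'];
    if ( ! move_uploaded_file( $file['tmp_name'], $target ) ) {
        return new WP_Error( 'move_failed', 'Could not store the file.' );
    }
    return $target;
}
```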

Affected Version(s)

Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress: all versions <= 6.5.5

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

TANG Cheuk Hei