What the vulnerability does
01Description
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.3.
Explanation of Vulnerability in Simple Terms
02Summary
Frontend File Manager versions 23.3 and earlier lack proper authorization checks, allowing unauthenticated attackers to modify files through the web interface. The vulnerability requires no user interaction and can be exploited remotely over the network. Integrity of stored files is at risk; confidentiality and availability are not directly affected.
What an attacker can do
03Attacker Capabilities
Modify or alter files on the site without authentication.
Potential impact on your site
04Site Impact
Attackers can change file contents without logging in, risking data corruption and malicious modifications.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
September 22, 2025
CVE published
May 12, 2026
Record updated