CVE-2022-4748

Name of the Vulnerable Software and Affected Versions FlatPress (affected versions not specified)

Description A critical issue was found in FlatPress, affecting the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the deletefile argument leads to path traversal.

Recommendations Apply a patch to fix this issue. As a temporary workaround, consider restricting access to the doItemActions function in the affected file until a patch is available.