exploitDog

CVE-2023-28408

Опубликовано: 23 мая 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings.

Ссылки

https://jvn.jp/en/jp/JVN01093915/
Third Party Advisory
https://plugins.2inc.org/mw-wp-form/blog/2023/05/08/752/
Vendor Advisory
https://jvn.jp/en/jp/JVN01093915/
Third Party Advisory
https://plugins.2inc.org/mw-wp-form/blog/2023/05/08/752/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mw_wp_form_project:mw_wp_form:*:*:*:*:*:wordpress:*:*

Версия до 4.4.2 (включая)

EPSS

Процентиль: 86%

0.02803

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-3q42-588x-m4gv

CVSS3: 9.8

github

больше 2 лет назад

Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings.

EPSS

Процентиль: 86%

0.02803

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-22

CWE-22