exploitDog

CVE-2023-5003

Опубликовано: 16 окт. 2023

Источник: nvd

CVSS3: 7.5

EPSS Высокий

Описание

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.

Ссылки

https://wpscan.com/vulnerability/91f4e500-71f3-4ef6-9cc7-24a7c12a5748
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/91f4e500-71f3-4ef6-9cc7-24a7c12a5748
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:miniorange:active_directory_integration_\/_ldap_integration:*:*:*:*:*:wordpress:*:*

Версия до 4.1.10 (исключая)

EPSS

Процентиль: 99%

0.76331

Высокий

7.5 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-2vvx-5g27-9gvj

CVSS3: 7.5

github

больше 2 лет назад

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.

EPSS

Процентиль: 99%

0.76331

Высокий

7.5 High

CVSS3

Дефекты