exploitDog

CVE-2023-53902

Опубликовано: 16 дек. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside the intended directory.

Ссылки

https://websitebaker.org/pages/en/home.php
Product
https://www.exploit-db.com/exploits/51554
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/websitebaker-directory-traversal-via-media-delete-endpoint
Third Party Advisory
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:websitebaker:websitebaker:2.13.3:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00761

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-q5hv-gf2m-3r8v

CVSS3: 6.5

github

около 2 месяцев назад

WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside the intended directory.

EPSS

Процентиль: 73%

0.00761

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22