exploitDog

CVE-2023-5991

Опубликовано: 26 дек. 2023

Источник: nvd

CVSS3: 9.8

EPSS Высокий

Описание

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server

Ссылки

https://wpscan.com/vulnerability/e9d35e36-1e60-4483-b8b3-5cbf08fcd49e
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/e9d35e36-1e60-4483-b8b3-5cbf08fcd49e
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:motopress:hotel_booking_lite:*:*:*:*:*:wordpress:*:*

Версия до 4.8.5 (исключая)

EPSS

Процентиль: 99%

0.79187

Высокий

9.8 Critical

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-5c4q-4rqx-7fcj

CVSS3: 9.8

github

около 2 лет назад

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server

EPSS

Процентиль: 99%

0.79187

Высокий

9.8 Critical

CVSS3

Дефекты

CWE-22