CVE-2023-6222

Опубликовано: 18 дек. 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks

Ссылки

https://drive.google.com/file/d/1krgHH2NvVFr93VpErLkOjDV3L6M5yIA1/view?usp=sharing
Exploit
https://wpscan.com/vulnerability/df892e99-c0f6-42b8-a834-fc55d1bde130
Exploit
Third Party Advisory
https://drive.google.com/file/d/1krgHH2NvVFr93VpErLkOjDV3L6M5yIA1/view?usp=sharing
Exploit
https://wpscan.com/vulnerability/df892e99-c0f6-42b8-a834-fc55d1bde130
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:quttera:quttera_web_malware_scanner:*:*:*:*:*:wordpress:*:*

Версия до 3.4.2.1 (исключая)

EPSS

Процентиль: 58%

0.0036

Низкий

7.2 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-jgjj-g58w-4hp3