8.8
CVE-2023-2288
- EPSS 17.97%
- Veröffentlicht 30.05.2023 08:15:10
- Zuletzt bearbeitet 10.01.2025 21:15:11
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginOtter - Gutenberg Blocks < 2.2.6 - Author+ PHAR Deserialization
Otter - Gutenberg Blocks <= 2.2.5 - Authenticated (Author+) PHAR Deserialization
The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper.
Mögliche Gegenmaßnahme
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE: Update to version 2.2.6, or a newer patched version
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 17.97% | 0.968 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://wpscan.com/vulnerability/93acb4ee-1053-48e1-8b69-c09dc3b2f302
https://www.wordfence.com/threat-intel/vulnerabilities/id/f18be13a-1b16-40f8-85a7-bd77b49e243c