4.3
CVE-2023-4297
- EPSS 0.64%
- Veröffentlicht 27.11.2023 17:15:08
- Zuletzt bearbeitet 21.11.2024 08:34:48
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginMmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing
Mmm Simple File List <= 2.3 - Authenticated (Subscriber+) Directory Traversal
The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories.
Mögliche Gegenmaßnahme
Mmm Simple File List: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mediamanifesto ≫ Mmm Simple File List SwPlatformwordpress Version <= 2.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Mmm Simple File List
Version
*-2.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.64% | 0.457 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
https://wpscan.com/vulnerability/9ff85b06-819c-459e-90a9-6151bfd70978
https://www.wordfence.com/threat-intel/vulnerabilities/id/f33a13dc-ebff-4033-9b8d-10076b1c2d0d