CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32623
https://notcve.org/view.php?id=CVE-2023-32623
Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server. • https://jvn.jp/en/jp/JVN97127032 https://snow-monkey.2inc.org/2023/07/14/snow-monkey-forms-v5-1-2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28413 – Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpiont
https://notcve.org/view.php?id=CVE-2023-28413
Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition. The Snow Monkey Forms plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.1.1 via the 'view' REST endpoint. This allows unauthenticated attackers to upload files with randomized names and non-executable extensions to arbitrary folders. • https://jvn.jp/en/jp/JVN01093915 https://snow-monkey.2inc.org/2023/04/28/snow-monkey-forms-v5-0-7 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •