CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2288 – Otter - Gutenberg Blocks < 2.2.6 - Author+ PHAR Deserialization
https://notcve.org/view.php?id=CVE-2023-2288
The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper. The Otter - Gutenberg Blocks plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fallback' parameter in versions up to, and including 1.2.7. This makes it possible for authenticated attackers with author privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. • https://wpscan.com/vulnerability/93acb4ee-1053-48e1-8b69-c09dc3b2f302 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15607
https://notcve.org/view.php?id=CVE-2017-15607
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. Inedo Otter en versiones anteriores a la 1.7.4 tiene una vulnerabilidad de salto de directorio en los rafts basados en el sistema de archivos mediante vectores que incluyen caracteres "/" o caracteres iniciales ".". Esta vulnerabilidad también se conoce como OT-181. • https://inedo.com/blog/otter-174-released https://inedo.myjetbrains.com/youtrack/issue/OT-181 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17086
https://notcve.org/view.php?id=CVE-2017-17086
Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor. Inedo Otter hasta la versión 1.7.4 gestiona de manera incorrecta una subcadena "/script" en una carga útil DP inicial, lo que permite que los atacantes remotos causen una denegación de servicio (DoS) o posiblemente otro impacto no especificado, tal y como se demuestra con Plan Editor. • https://inedo.myjetbrains.com/youtrack/issue/ILIB-11 • CWE-20: Improper Input Validation •