CVE-2023-4797

Newsletter Lite < 4.9.3 - Admin+ Command Injection

Severity Score

7.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could allow an administrator to execute arbitrary commands on the server.

The Newsletters plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.9.2 via the emailarchive_olderthan parameter. This is due to insufficient validation on user-supplied input being passed to eval. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.

*Credits: Karolis Narvilas, WPScan
CVSS Scores
First vector
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
Second vector
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: Attend
  • Exploitation: PoC
  • Automatable: No
  • Tech. Impact: Total
* Organization's Worst-case Scenario
Timeline
  • 2023-09-06 CVE Reserved
  • 2023-10-05 CVE Published
  • 2024-10-22 CVE Updated
  • 2024-10-22 First Exploit
  • 2024-11-22 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
Affected Vendors, Products, and Versions
  • Vendor: Tribulant
  • Product: Newsletters
  • Version: < 4.9.3
  • Other: wordpress
  • Status: Affected