CVE-2023-5414
Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments.
El complemento Icegram Express para WordPress es vulnerable a Directory Traversal en versiones hasta la 5.6.23 incluida a través de la función show_es_logs. Esto permite a atacantes de nivel de administrador leer el contenido de archivos arbitrarios en el servidor, que pueden contener información confidencial, incluidos aquellos que pertenecen a otros sitios, por ejemplo, en entornos de alojamiento compartido.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-04 CVE Reserved
- 2023-10-11 CVE Published
- 2024-08-02 CVE Updated
- 2024-09-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://www.wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcd-e85eb9219689?source=cve | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Icegram Search vendor "Icegram" | Icegram Express Search vendor "Icegram" for product "Icegram Express" | <= 5.6.23 Search vendor "Icegram" for product "Icegram Express" and version " <= 5.6.23" | wordpress |
Affected
| ||||||