CVE-2023-6222
Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks.
The Quttera Web Malware Scanner plugin for WordPress is vulnerable to path traversal in all versions up to, and including, 3.4.1.48 via the ShowFile function. This allows an administrator to view arbitrary files on the server.
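Added illustration of the bug class described above; this is not code from the Quttera plugin, and the function names, the report directory layout and the sample files are assumptions made for the demo (the plugin's actual ShowFile function is not reproduced). It shows the unchecked concatenation that lets a name such as "../secret.txt" escape the intended directory, beside a hardened version that resolves the final path with realpath() and requires it to stay under the allowed base.

```php
<?php
// Added example, not the plugin's code. Hypothetical admin-only file viewer:
// $report_dir is the directory the feature is meant to expose, $name comes
// from the request.

// Vulnerable pattern: request-controlled name concatenated into the path and
// read as-is, so "../../wp-config.php" leaves $report_dir.
function show_file_vulnerable(string $report_dir, string $name): string|false
{
    return @file_get_contents($report_dir . '/' . $name);
}

// Hardened pattern: accept only a bare file name, canonicalise the result and
// check the canonical path is inside the canonical base directory.
function show_file_hardened(string $report_dir, string $name): string|false
{
    $base = realpath($report_dir);
    if ($base === false) {
        return false;
    }
    // Reject empty names, anything containing a directory component and
    // embedded NUL bytes before touching the filesystem.
    if ($name === '' || $name !== basename($name) || str_contains($name, "\0")) {
        return false;
    }
    // realpath() returns false for a missing file and collapses ".." and
    // symlinks for an existing one; the prefix check then catches a symlink
    // inside $base that points outside it.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return file_get_contents($path);
}

// Self-contained demo on constructed data in a temporary directory.
$tmp = sys_get_temp_dir() . '/pt_demo_' . bin2hex(random_bytes(4));
mkdir($tmp . '/reports', 0700, true);
file_put_contents($tmp . '/reports/scan-1.txt', "clean\n");
file_put_contents($tmp . '/secret.txt', "DB_PASSWORD=example\n");

$traversal = '../secret.txt';
var_dump(show_file_vulnerable($tmp . '/reports', $traversal)); // secret contents leak
var_dump(show_file_hardened($tmp . '/reports', $traversal));   // bool(false)
var_dump(show_file_hardened($tmp . '/reports', 'scan-1.txt')); // "clean\n"

// Clean up the constructed files.
unlink($tmp . '/reports/scan-1.txt');
unlink($tmp . '/secret.txt');
rmdir($tmp . '/reports');
rmdir($tmp);
```

The check on the canonical path is the part that matters: an allow-list on the name (basename(), no NUL bytes) stops the obvious "../" payloads, and the realpath() prefix comparison covers the cases a string filter misses, such as a symlink already present under the base directory. Because this CVE is reachable only by an administrator, a capability or nonce check alone would not have been the fix; the path itself has to be constrained.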
*Credits:
Dmitrii Ignatyev, WPScan
CVSS Scores
- Attack Vector
- Attack Complexity
- Privileges Required
- User Interaction
- Scope
- Confidentiality
- Integrity
- Availability
* Common Vulnerability Scoring System
SSVC
- Decision: Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-20 CVE Reserved
- 2023-11-21 CVE Published
- 2023-12-22 EPSS Updated
- 2024-09-30 CVE Updated
- 2024-09-30 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
URL | Date | SRC
---|---|---
https://drive.google.com/file/d/1krgHH2NvVFr93VpErLkOjDV3L6M5yIA1/view?usp=sharing | 2024-09-30 |
https://wpscan.com/vulnerability/df892e99-c0f6-42b8-a834-fc55d1bde130 | 2024-09-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Quttera | Quttera Web Malware Scanner | < 3.4.2.1 | wordpress | Affected