Lucene search
PatchstackCVE-2023-38399HistoryMay 17, 2024 - 7:15 a.m.
CVE-2023-38399
2024-05-1707:15:58
CWE-22
Patchstack
web.nvd.nist.gov
64
cve-2023-38399
reserved
security problem
announcement
nvd
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
AI Score
6.8
Confidence
High
EPSS
0
Percentile
10.5%
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Averta Phlox Portfolio allows PHP Local File Inclusion.This issue affects Phlox Portfolio: from n/a through 2.3.1.
Affected configurations
Node
avertashortcodes_and_extra_features_for_phlox_themeRange≤2.3.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| averta | shortcodes_and_extra_features_for_phlox_theme | * | cpe:2.3:a:averta:shortcodes_and_extra_features_for_phlox_theme:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "auxin-portfolio",
"product": "Phlox Portfolio",
"vendor": "Averta",
"versions": [
{
"changes": [
{
"at": "2.3.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2023-38399
2024-05-17 07:15:58
cvelist
cvelist
vulnrichment
vulnrichment
wpvulndb
wpvulndb
Phlox Portfolio < 2.3.2 - Unauthenticated Local File Inclusion
2023-11-24 00:00:00
wordfence
wordfence
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
AI Score
6.8
Confidence
High
EPSS
0
Percentile
10.5%
Related for CVE-2023-38399