
CVE-2023-4297

2023-11-27 17:15:08
WPScan
web.nvd.nist.gov
mmm simple file list
wordpress
plugin
unauthorized access
file listing
nvd
cve-2023-4297

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 5
Confidence: High

EPSS: 0
Percentile: 14.0%

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated user, such as a subscriber, to list the contents of arbitrary directories.

Affected configurations

Node: mediamanifesto | mmm_simple_file_list | Range 2.3 | wordpress

Vendor | Product | Version | CPE
mediamanifesto | mmm_simple_file_list | * | cpe:2.3:a:mediamanifesto:mmm_simple_file_list:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Mmm Simple File List",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "2.3"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
