Lucene search

K
cve[email protected]CVE-2023-5355
HistoryNov 06, 2023 - 9:15 p.m.

CVE-2023-5355

2023-11-0621:15:09
CWE-22
web.nvd.nist.gov
30
cve-2023-5355
awesome support
wordpress plugin
file path
security vulnerability
nvd

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.

Affected configurations

Vulners
NVD
Node
awesomelibmemcachedRange<6.1.5
VendorProductVersionCPE
awesomelibmemcached*cpe:2.3:a:awesome:libmemcached:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Awesome Support",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "6.1.5"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

Related for CVE-2023-5355