History: Nov 27, 2023 - 4:22 p.m.

CVE-2023-4297 Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing

2023-11-27 16:22:01
WPScan
www.cve.org
mmm simple file list
authenticated users
arbitrary directories

AI Score: 5 (Confidence: High)

EPSS: 0 (Percentile: 14.0%)

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path from which it lists files, allowing any authenticated user, such as a subscriber, to list the contents of arbitrary directories.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Mmm Simple File List",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "2.3"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]