| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure Vulnerability | 8 Aug 202300:00 | – | zdt | |
| CVE-2023-4168 | 5 Aug 202322:11 | – | circl | |
| Templatecookie Adlisting Information Disclosure Vulnerability | 5 Aug 202300:00 | – | cnnvd | |
| CVE-2023-4168 | 5 Aug 202317:31 | – | cve | |
| CVE-2023-4168 Templatecookie Adlisting Redirect ad-list information disclosure | 5 Aug 202317:31 | – | cvelist | |
| Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure | 8 Aug 202300:00 | – | exploitdb | |
| CVE-2023-4168 | 5 Aug 202318:15 | – | nvd | |
| Adlisting Classified Ads 2.14.0 Information Disclosure | 7 Aug 202300:00 | – | packetstorm | |
| Design/Logic Flaw | 5 Aug 202318:15 | – | prion | |
| PT-2023-28044 · Unknown · Templatecookie Adlisting | 5 Aug 202300:00 | – | ptsecurity |
| Source | Link |
|---|---|
| exploit-db | www.exploit-db.com/exploits/51667 |
| templatecookie | www.templatecookie.com/demo/adlisting-classified-ads-script |
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2023-4168 |
| vuldb | www.vuldb.com/ |
| vuldb | www.vuldb.com/ |
id: CVE-2023-4168
info:
name: Adlisting Classified Ads 2.14.0 - Information Disclosure
author: r3Y3r53
severity: high
description: |
Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.
impact: |
Unauthenticated attackers can access sensitive API keys, server keys, and app IDs exposed in redirect responses, potentially compromising integrated third-party services and the Google Maps API used by the classified ads platform.
remediation: |
Update Adlisting to a version newer than 2.14.0 that removes sensitive credentials from client-side code and stores API keys securely on the server side.
reference:
- https://www.exploit-db.com/exploits/51667
- https://templatecookie.com/demo/adlisting-classified-ads-script
- https://nvd.nist.gov/vuln/detail/CVE-2023-4168
- https://vuldb.com/?ctiid.236184
- https://vuldb.com/?id.236184
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-4168
cwe-id: CWE-200,NVD-CWE-noinfo
epss-score: 0.36205
epss-percentile: 0.98283
cpe: cpe:2.3:a:templatecookie:adlisting:2.14.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: templatecookie
product: adlisting
tags: cve,cve2023,adlisting,exposure,templatecookie,vuln
http:
- method: GET
path:
- "{{BaseURL}}/ad-list-search?keyword=&lat=&long=&long=&lat=&location=&category=&keyword="
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains_all(body, "google_map_key", "api_key", "auth_domain")'
condition: and
# digest: 4a0a00473045022100fc2e2290e9e0aa5f0cb16dfa83a063d626a519ac465c45b15f64157ec69ddfec02207d762e26d0f45eea851b6d5f4d3eec6dd47072da56c5168bc414cee4d021299a:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation