CVSS2: 4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.094 Low
Percentile: 94.8%

Information disclosure issue in the redirect responses. When accessing any page on the website, sensitive data, such as API keys, server keys, and app IDs, is exposed in the body of these redirects.

id: CVE-2023-4168

info:
  name: Adlisting Classified Ads 2.14.0 - Information Disclosure
  author: r3Y3r53
  severity: high
  description: |
    Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.
  reference:
    - https://www.exploit-db.com/exploits/51667
    - https://templatecookie.com/demo/adlisting-classified-ads-script
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4168
    - https://vuldb.com/?ctiid.236184
    - https://vuldb.com/?id.236184
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-4168
    cwe-id: CWE-200,NVD-CWE-noinfo
    epss-score: 0.09433
    epss-percentile: 0.94715
    cpe: cpe:2.3:a:templatecookie:adlisting:2.14.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: templatecookie
    product: adlisting
  tags: cve,cve2023,adlisting,exposure,templatecookie

http:
  - method: GET
    path:
      - "{{BaseURL}}/ad-list-search?keyword=&lat=&long=&long=&lat=&location=&category=&keyword="

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "google_map_key", "api_key", "auth_domain")'
        condition: and
# digest: 4a0a0047304502204a134453e2464f93bf132fd8db6c09f27613be39ba4c0aaef68337bd060407ff0221009c766e234ab5de0d38872d51aaf73fb6396249477d8cfef7840159bba28559dd:922c64590222798bb761d5b6d8e72950