Lucene search

[email protected]NVD:CVE-2023-5711

HistoryDec 07, 2023 - 2:15 a.m.

CVE-2023-5711

2023-12-0702:15:06

CWE-862

[email protected]

web.nvd.nist.gov

wordpress

system dashboard

data access

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

20.2%

JSON

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info.

Affected configurations

Nvd

Node

bowosystem_dashboardRange≤2.8.7wordpress

VendorProductVersionCPE
bowosystem_dashboard*cpe:2.3:a:bowo:system_dashboard:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
bowo	system_dashboard	*	cpe:2.3:a:bowo:system_dashboard::::::wordpress::*

References

plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.7/admin/class-system-dashboard-admin.php#L1925

plugins.trac.wordpress.org/browser/system-dashboard/tags/2.8.8/admin/class-system-dashboard-admin.php#L1932

www.wordfence.com/threat-intel/vulnerabilities/id/17bc3a9f-2bf9-44e3-81ef-bfa932085da9?source=cve

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

20.2%

JSON

Related for NVD:CVE-2023-5711

cvelist1 prion1 cve1 wpvulndb1 wordfence1