6 matches found

Circl
added 2023/08/16 4:47 p.m., 6 views

CVE-2023-1977

creationtimestamp | type | source
---|---|---
2023-08-16 16:47:26+00:00 | seen | https://t.me/cibsecurity/68637...

CVSS 8.8 | AI score 8.6 | EPSS 0.00823
Exploits: 2 | References: 1
NVD
added 2023/08/16 12:15 p.m., 16 views

CVE-2023-1977

The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network...

CVSS 8.8 | AI score 8.6 | EPSS 0.00823
Exploits: 2 | References: 1
CVE
added 2023/08/16 11:3 a.m., 61 views

CVE-2023-1977

Affected software: WordPress Booking Manager plugin. Vulnerable in versions prior to 2.0.29 where the plugin does not validate URLs in the admin panel or shortcodes that fetch events from a remote ICS file. Root cause: inadequate URL validation enables Server-Side Request Forgery (SSRF), allowing...

CVSS 8.8 | AI score 8.7 | EPSS 0.00823
Exploits: 2 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/08/16 11:3 a.m., 17 views

CVE-2023-1977 Booking Manager < 2.0.29 - Subscriber+ SSRF

The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network...

AI score 7.1 | EPSS 0.00823
Exploits: 2 | References: 1
Patchstack
added 2023/05/05 12:0 a.m., 10 views

WordPress Booking Manager Plugin < 2.0.29 is vulnerable to Server Side Request Forgery (SSRF)

Software: Booking Manager; Type: Plugin; Vulnerable versions: 2.0.29; Fixed in: 2.0.29; OWASP Top 10: A5: Broken Access Control; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-1977; Patch priority: High; CVSS severity: High (6.4); PSID: dc7cead73df5; Credits: Shreya Pohekar...

CVSS 8.8 | AI score 6.5 | EPSS 0.00823
Exploits: 2 | References: 4 | Affected Software: 1
Tenable Nessus
added 2023/03/07 12:0 a.m., 60 views

Amazon Linux 2 : cifs-utils, --advisory ALAS2-2023-1977 (ALAS-2023-1977)

The version of cifs-utils installed on the remote host is prior to 6.2-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1977 advisory. A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may...

CVSS 5.3 | AI score 6.3 | EPSS 0.01804
Exploits: 0 | References: 4