6 matches found
CVE-2023-1977
creationtimestamp | type | source
---|---|---
2023-08-16 16:47:26+00:00 | seen | https://t.me/cibsecurity/68637...
CVE-2023-1977
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network...
CVE-2023-1977
Affected software: WordPress Booking Manager plugin. Vulnerable in versions prior to 2.0.29 where the plugin does not validate URLs in the admin panel or shortcodes that fetch events from a remote ICS file. Root cause: inadequate URL validation enables Server-Side Request Forgery (SSRF), allowing...
CVE-2023-1977 Booking Manager < 2.0.29 - Subscriber+ SSRF
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network...
WordPress Booking Manager Plugin < 2.0.29 is vulnerable to Server Side Request Forgery (SSRF)
Software: Booking Manager
Type: Plugin
Vulnerable versions: 2.0.29
Fixed in: 2.0.29
OWASP Top 10: A5: Broken Access Control
Classification: Server Side Request Forgery (SSRF)
CVE: CVE-2023-1977
Patch priority: High
CVSS severity: High (6.4)
PSID: dc7cead73df5
Credits: Shreya Pohekar...
Amazon Linux 2 : cifs-utils, --advisory ALAS2-2023-1977 (ALAS-2023-1977)
The version of cifs-utils installed on the remote host is prior to 6.2-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1977 advisory. A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may...