Lucene search
K

5 matches found

NVD
NVD
added 2023/05/15 1:15 p.m.16 views

CVE-2023-2180

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server...

7.5CVSS7.7AI score0.00866EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/05/15 12:15 p.m.9 views

CVE-2023-2180 KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server...

7.6AI score0.00866EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/05/15 12:15 p.m.15 views

CVE-2023-2180 KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server...

7.8AI score0.00866EPSS
Exploits2References1
CVE
CVE
added 2023/05/15 12:15 p.m.54 views

CVE-2023-2180

The CVE-2023-2180 entry concerns the KIWIZ Invoices Certification & PDF System WordPress plugin (versions ≤ 2.1.3). Affected component: file download path validation is insufficient, enabling an unauthenticated attacker to read/download arbitrary files. The issue also enables PHAR unserialization...

7.5CVSS7.7AI score0.00866EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/04/27 12:0 a.m.10 views

WordPress KIWIZ Invoices Certification & PDF System Plugin <= 2.1.3 is vulnerable to Arbitrary File Download

Software KIWIZ Invoices Certification & PDF System Type Plugin Vulnerable versions = 2.1.3 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Download CVE CVE-2023-2180 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID daccef4ee9c6 Credits WPScan Required...

7.5CVSS7.2AI score0.00866EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder