5 matches found
CVE-2023-2180
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server...
CVE-2023-2180 KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server...
CVE-2023-2180 KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server...
CVE-2023-2180
The CVE-2023-2180 entry concerns the KIWIZ Invoices Certification & PDF System WordPress plugin (versions ≤ 2.1.3). Affected component: file download path validation is insufficient, enabling an unauthenticated attacker to read/download arbitrary files. The issue also enables PHAR unserialization...
WordPress KIWIZ Invoices Certification & PDF System Plugin <= 2.1.3 is vulnerable to Arbitrary File Download
Software KIWIZ Invoices Certification & PDF System Type Plugin Vulnerable versions = 2.1.3 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Download CVE CVE-2023-2180 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID daccef4ee9c6 Credits WPScan Required...