Lucene search
K

5 matches found

Patchstack
Patchstack
added 2023/06/22 12:0 a.m.16 views

WordPress wpForo Forum Plugin <= 2.1.7 is vulnerable to Local File Inclusion

Software wpForo Forum Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-2249 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 1bcd08b1a273 Credits Hamed Required privilege Subscriber Publishe...

8.8CVSS6.8AI score0.60809EPSS
Exploits1References3Affected Software1
GithubExploit
GithubExploit
added 2023/06/13 6:13 p.m.301 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Gvectors Wpforo_Forum

Original Proof of Concept for CVE-2023-2249 - Proof of Concep...

8.8CVSS9.2AI score0.60809EPSS
Exploits1
Cvelist
Cvelist
added 2023/06/09 5:33 a.m.23 views

CVE-2023-2249 wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of filegetcontents without appropriate verification of the data being supplied to the function...

8.8CVSS8.9AI score0.60809EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.41 views

CVE-2023-2249 wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of filegetcontents without appropriate verification of the data being supplied to the function...

8.8CVSS7.5AI score0.60809EPSS
Exploits1References3
CVE
CVE
added 2023/06/09 5:33 a.m.95 views

CVE-2023-2249

CVE-2023-2249 concerns wpForo Forum (WordPress) up to version 2.1.7. The vulnerability stems from insecure use of PHP file_get_contents, enabling Local File Inclusion, Server-Side Request Forgery, and PHAR deserialization. Authenticated attackers with minimal privileges (e.g., subscriber) can rea...

8.8CVSS9AI score0.60809EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder