5 matches found
WordPress wpForo Forum Plugin <= 2.1.7 is vulnerable to Local File Inclusion
Software wpForo Forum Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-2249 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 1bcd08b1a273 Credits Hamed Required privilege Subscriber Publishe...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Gvectors Wpforo_Forum
Original Proof of Concept for CVE-2023-2249 - Proof of Concep...
CVE-2023-2249 wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of filegetcontents without appropriate verification of the data being supplied to the function...
CVE-2023-2249 wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of filegetcontents without appropriate verification of the data being supplied to the function...
CVE-2023-2249
CVE-2023-2249 concerns wpForo Forum (WordPress) up to version 2.1.7. The vulnerability stems from insecure use of PHP file_get_contents, enabling Local File Inclusion, Server-Side Request Forgery, and PHAR deserialization. Authenticated attackers with minimal privileges (e.g., subscriber) can rea...