History: Nov 27, 2023 - 4:22 p.m.

CVE-2023-4297 Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing

2023-11-27 16:22:01
WPScan
github.com
cve-2023-4297
wordpress plugin
arbitrary directory listing

AI Score: 6.7
Confidence: High

SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:mmm_simple_file_list:mmm_simple_file_list:2.3:*:*:*:*:*:*:*"
    ],
    "vendor": "mmm_simple_file_list",
    "product": "mmm_simple_file_list",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2.3"
      }
    ],
    "defaultStatus": "unknown"
  }
]
