Lucene search
Mohamed AbdelhadyWPVDB-ID:968D87C0-AF60-45EA-B34E-8551313CC8DFHistoryNov 06, 2023 - 12:00 a.m.
WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion
2023-11-0600:00:00
Mohamed Abdelhady
wpscan.com
2
vulnerability
unauthenticated
local file inclusion
path parameter
wpb show core
software
Description This plugin is vulnerable to a local file inclusion via the path parameter.
PoC
Send a GET request to wpb-show-core/download-file.php with the path parameter set to an arbitrary file path on the server, - “/etc/resolv.conf” - “/etc/hosts” - “…/…/…/wp-config.php”
Related
prion
prion
Design/Logic Flaw
2023-11-27 17:15:00
cvelist
cvelist
CVE-2023-4922 WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion
2023-11-27 16:22:03
nvd
nvd
CVE-2023-4922
2023-11-27 17:15:08
wpexploit
wpexploit
WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion
2023-11-06 00:00:00
cve
cve
CVE-2023-4922
2023-11-27 17:15:08
AI Score
9.3
Confidence
High
EPSS
0.001
Percentile
43.0%
Related for WPVDB-ID:968D87C0-AF60-45EA-B34E-8551313CC8DF