wpvulndb | Mohamed Abdelhady | WPVDB-ID:C0136057-F420-4FE7-A147-ECBEC7E7A9B5
History: Nov 06, 2023 - 12:00 a.m.

WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery

2023-11-06 00:00:00
Mohamed Abdelhady
wpscan.com
Tags: vulnerability, unauthenticated, server-side request forgery, plugin, get request, arbitrary url, download, response, software

AI Score: 9.5 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 43.5%)

Description

This plugin is vulnerable to server-side request forgery (SSRF) via the path parameter.

PoC

Send a GET request to wpb-show-core/download-file.php with the path parameter set to an arbitrary URL, for example http://example.com/latest/meta-data/iam/security-credentials/wpb-apps-prod-role. The website will download the file and return it in the response.
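A log-review sketch for the request pattern described in the PoC, added here as an example (it is not code from WPScan or from the plugin): it flags requests to download-file.php whose path parameter is an absolute URL and notes whether the target host is an internal address. The /wp-content/plugins/ install path, the combined log format and every sample line are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "wpb-show-core/download-file.php"  # script named in the advisory
PARAM = "path"                                 # parameter named in the advisory
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def classify(value):
    """Return None for a non-URL value, else 'internal', 'external' or 'malformed'."""
    try:
        host = urlsplit(value.strip()).hostname
    except ValueError:  # broken netloc such as an unterminated IPv6 literal
        return "malformed"
    if not host:
        return None  # relative file path: the plugin's expected input
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Hostname: the log alone cannot show what it resolved to.
        return "internal" if host == "localhost" else "external"
    return "internal" if ip.is_private or ip.is_loopback or ip.is_link_local else "external"

def scan(lines):
    """Return (client, status, url, verdict) for each request passing a URL in `path`."""
    hits = []
    for line in lines:
        if not (m := LINE_RE.match(line)):
            continue
        client, target, status = m.groups()
        req = urlsplit(target)
        if not req.path.endswith(ENDPOINT):
            continue
        for value in parse_qs(req.query).get(PARAM, []):  # parse_qs percent-decodes
            if (verdict := classify(value)):
                hits.append((client, int(status), value, verdict))
    return hits

# Constructed access-log lines (combined log format), not real traffic.
BASE = "/wp-content/plugins/" + ENDPOINT  # assumed install path
STAMP = "- - [06/Nov/2023:10:00:00 +0000]"
SAMPLE = [
    f'203.0.113.7 {STAMP} "GET {BASE}?path=uploads/show.pdf HTTP/1.1" 200 5120',
    f'203.0.113.9 {STAMP} "GET {BASE}?path=http%3A%2F%2Fexample.com%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fwpb-apps-prod-role HTTP/1.1" 200 412',
    f'203.0.113.9 {STAMP} "GET {BASE}?path=http://10.0.0.5/status HTTP/1.1" 200 88',
    f'198.51.100.4 {STAMP} "GET /index.php?path=http://example.com/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A 200 status on a flagged line means the script answered the request; the log does not record what the server fetched, so outbound connection logs from the web host are the place to confirm it.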
