cve/CVE-2023-1273.md at b8bb3913ae5ed6689c69f4d953bda7435b2f2da7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49

2024-05-28 08:49:17 +00:00

Description

The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks

POC

Reference

https://wpscan.com/vulnerability/0805ed7e-395d-48de-b484-6c3ec1cd4b8e

Github

https://github.com/codeb0ss/CVE-2023-1273-PoC
https://github.com/nomi-sec/PoC-in-GitHub

903 B Raw Blame History

CVE-2023-1273

Description

POC

Reference

Github

903 B

Raw Blame History