nvd-json-data-feeds/CVE-2023/CVE-2023-42xx/CVE-2023-4297.json

{
  "id": "CVE-2023-4297",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2023-11-27T17:15:08.563",
  "lastModified": "2023-11-30T05:15:24.520",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories."
    },
    {
      "lang": "es",
      "value": "El complemento Mmm Simple File List de WordPress hasta la versi\u00f3n 2.3 no valida la ruta generada para enumerar los archivos, lo que permite a cualquier usuario autenticado, como suscriptores, enumerar el contenido de directorios arbitrarios."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mediamanifesto:mmm_simple_file_list:*:*:*:*:*:wordpress:*:*",
              "versionEndIncluding": "2.3",
              "matchCriteriaId": "A721AEE2-A9B4-4768-8B42-13FC1198D13B"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://wpscan.com/vulnerability/9ff85b06-819c-459e-90a9-6151bfd70978",
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}