admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-58xx/CVE-2023-5877.json
cad-safe-bot cf451b0e4e Auto-Update: 2024-01-02T15:00:25.590479+00:00
2024-01-02 15:00:29 +00:00

24 lines
1.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-5877",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-01T15:15:42.727",
"lastModified": "2024-01-02T13:47:38.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue."
},
{
"lang": "es",
"value": "affiliate-toolkit WordPress plugin anterior a 3.4.3 carece de autorizaci\u00f3n y autenticaci\u00f3n para solicitudes a su endpoint afiliado-toolkit-starter/tools/atkp_imagereceiver.php, lo que permite a visitantes no autenticados realizar solicitudes a URL arbitrarias, incluidas direcciones privadas RFC1918, que conducen a un servidor. Problema de Server Side Request Forgery (SSRF)."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/39ed4934-3d91-4924-8acc-25759fef9e81",
"source": "contact@wpscan.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink