Search

Find a vulnerability

Search criteria

    2 vulnerabilities by wprealize

    CVE-2023-0159 (GCVE-0-2023-0159)

    Vulnerability from nvd – Published: 2023-02-13 14:32 – Updated: 2024-08-02 05:02
    VLAI KEVIntel
    Title
    Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE
    Summary
    The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/239ea870-66e5-47… exploitvdb-entrytechnical-description
    Impacted products
    Credits
    dc11 WPScan
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:43.688Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "Extensive VC Addons for WPBakery page builder",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.9.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "dc11"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-05T18:52:00.611Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": " Extensive VC Addons for WPBakery page builder \u003c 1.9.1 - Unauthenticated RCE",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2023-0159",
    "datePublished": "2023-02-13T14:32:03.338Z",
    "dateReserved": "2023-01-10T16:01:44.637Z",
    "dateUpdated": "2024-08-02T05:02:43.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

    CVE-2023-0159 (GCVE-0-2023-0159)

    Vulnerability from cvelistv5 – Published: 2023-02-13 14:32 – Updated: 2024-08-02 05:02
    VLAI KEVIntel
    Title
    Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE
    Summary
    The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/239ea870-66e5-47… exploitvdb-entrytechnical-description
    Impacted products
    Credits
    dc11 WPScan
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:43.688Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "Extensive VC Addons for WPBakery page builder",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.9.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "dc11"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-05T18:52:00.611Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": " Extensive VC Addons for WPBakery page builder \u003c 1.9.1 - Unauthenticated RCE",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2023-0159",
    "datePublished": "2023-02-13T14:32:03.338Z",
    "dateReserved": "2023-01-10T16:01:44.637Z",
    "dateUpdated": "2024-08-02T05:02:43.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}