2023-09-14 15:08:32 +00:00
id : CVE-2023-4714
info :
2023-09-15 16:41:27 +00:00
name : PlayTube 3.0.1 - Information Disclosure
2023-09-14 15:08:32 +00:00
author : Farish
severity : high
description : |
2023-09-27 15:51:13 +00:00
A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.
impact : |
An attacker can exploit this vulnerability to gain access to sensitive information.
2023-09-14 15:08:32 +00:00
reference :
- https://nvd.nist.gov/vuln/detail/CVE-2023-4714
- https://www.exploitalert.com/view-details.html?id=39826
2023-10-14 11:27:55 +00:00
- https://vuldb.com/?ctiid.238577
- https://vuldb.com/?id.238577
2023-09-14 15:08:32 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.5
2023-10-14 11:27:55 +00:00
cve-id : CVE-2023-4714
2023-09-14 15:08:32 +00:00
cwe-id : CWE-200
2023-11-14 14:37:18 +00:00
epss-score : 0.02131
2023-12-12 11:07:52 +00:00
epss-percentile : 0.88024
2023-10-14 11:27:55 +00:00
cpe : cpe:2.3:a:playtube:playtube:3.0.1:*:*:*:*:*:*:*
2023-09-14 15:08:32 +00:00
metadata :
2023-09-15 16:41:27 +00:00
verified : true
2023-09-27 15:51:13 +00:00
max-request : 1
2023-10-14 11:27:55 +00:00
vendor : playtube
product : playtube
2023-09-15 16:41:27 +00:00
tags : cve,cve2023,playtube,exposure
2023-09-14 15:11:26 +00:00
2023-09-14 15:08:32 +00:00
http :
- method : GET
path :
- '{{BaseURL}}'
matchers-condition : and
matchers :
- type : word
words :
- "razorpay_options"
- "PlayTube"
2023-09-15 16:42:25 +00:00
- "key:"
2023-09-14 15:08:32 +00:00
condition : and
- type : status
status :
- 200
extractors :
- type : regex
part : body
regex :
- 'key : "([a-z_A-Z0-9]+)" '
2023-12-12 12:02:03 +00:00
# digest: 490a004630440220562b4320e12d4a96b314fb67b0dcb3845d719ed3cedecf2f3b2570121538245d022041fd7198bbbb302bc82e05d1cdf1778b98dbe5f73f627d36de9d528c19f685ac:922c64590222798bb761d5b6d8e72950