format update

patch-1
Dhiyaneshwaran 2024-05-03 11:09:48 +05:30 committed by GitHub
parent 4ea43c1eda
commit 33a22d26a9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 5 deletions


@ -6,6 +6,7 @@ info:
severity: high severity: high
description: | description: |
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so. The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.
remediation: Fixed in 4.1.10
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-5003 - https://nvd.nist.gov/vuln/detail/CVE-2023-5003
- https://wpscan.com/vulnerability/91f4e500-71f3-4ef6-9cc7-24a7c12a5748/ - https://wpscan.com/vulnerability/91f4e500-71f3-4ef6-9cc7-24a7c12a5748/
@ -14,12 +15,14 @@ info:
cvss-score: 7.5 cvss-score: 7.5
cve-id: CVE-2023-5003 cve-id: CVE-2023-5003
epss-score: 0.00084 epss-score: 0.00084
epss-percentile: 0.35002 epss-percentile: 0.35074
cpe: cpe:2.3:a:miniorange:active_directory_integration_\/_ldap_integration:*:*:*:*:*:wordpress:*:* cpe: cpe:2.3:a:miniorange:active_directory_integration_\/_ldap_integration:*:*:*:*:*:wordpress:*:*
metadata: metadata:
vendor: miniorange vendor: miniorange
product: active_directory_integration_\/_ldap_integration product: active_directory_integration_\/_ldap_integration
framework: wordpress framework: wordpress
verified: true
max-request: 1
tags: wpscan,exposure,csv,ldap,cve2023,wordpress,wp-plugin tags: wpscan,exposure,csv,ldap,cve2023,wordpress,wp-plugin
http: http:
@ -29,9 +32,6 @@ http:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status
status:
- 200
- type: word - type: word
words: words:
- "ID" - "ID"
@ -39,3 +39,7 @@ http:
- "TIME" - "TIME"
- "LDAP STATUS" - "LDAP STATUS"
condition: and condition: and
- type: status
status:
- 200
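Review bot: The added `remediation: Fixed in 4.1.10` line in the first hunk names the fixed release but does not tell an operator what to do. The description says the exported log file is never removed, so a file written before the upgrade may stay reachable afterwards; this is inferred from the description and was not checked against the plugin. I would write `remediation: Update the plugin to 4.1.10 or later and delete any previously exported LDAP log file.` Separately, the word matcher relies on short column names such as `"ID"` and `"TIME"`. The rest of the word list and the request path are outside the visible hunks, so if nothing else anchors the match, a `Content-Type` header check alongside the status matcher would cut false positives.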