id: CVE-2023-4714

info:
  name: PlayTube 3.0.1 - Information Disclosure
  author: Farish
  severity: high
  description: |
    A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.
  impact: |
    An attacker can exploit this vulnerability to gain access to sensitive information.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4714
    - https://www.exploitalert.com/view-details.html?id=39826
    - https://vuldb.com/?ctiid.238577
    - https://vuldb.com/?id.238577
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-4714
    cwe-id: CWE-200
    epss-score: 0.02131
    epss-percentile: 0.88024
    cpe: cpe:2.3:a:playtube:playtube:3.0.1:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: playtube
    product: playtube
  tags: cve,cve2023,playtube,exposure

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "razorpay_options"
          - "PlayTube"
          - "key:"
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        regex:
          - 'key: "([a-z_A-Z0-9]+)"'
# digest: 4a0a00473045022100a0371e97b1c6c4e0332ea0975bf22129b404b2178f508fd4805e15855df90162022024be5e8400250d84178af17b224db2baa7ac5345dae331e760b1e1e504480315:922c64590222798bb761d5b6d8e72950