id: CVE-2023-4714 info: name: PlayTube 3.0.1 - Information Disclosure author: Farish severity: high description: | A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-4714 - https://www.exploitalert.com/view-details.html?id=39826 - https://vuldb.com/?ctiid.238577 - https://vuldb.com/?id.238577 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-4714 cwe-id: CWE-200 epss-score: 0.02146 epss-percentile: 0.88067 cpe: cpe:2.3:a:playtube:playtube:3.0.1:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: playtube product: playtube tags: cve,cve2023,playtube,exposure http: - method: GET path: - '{{BaseURL}}' matchers-condition: and matchers: - type: word words: - "razorpay_options" - "PlayTube" - "key:" condition: and - type: status status: - 200 extractors: - type: regex part: body regex: - 'key: "([a-z_A-Z0-9]+)"' # digest: 4a0a0047304502210080aabe3bcdbb5da2d4c6c89df8e24b1cb995d5059a6191a6eb88e34d7dfdf2b2022034b8718f706fc8288628c79e9c979d16db21f1ffbaf86c6edc92be126f6e5241:922c64590222798bb761d5b6d8e72950