52 lines
1.5 KiB
YAML
52 lines
1.5 KiB
YAML
id: CVE-2023-4714
|
|
|
|
info:
|
|
name: PlayTube 3.0.1 - Information Disclosure
|
|
author: Farish
|
|
severity: high
|
|
description: |
|
|
A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.
|
|
reference:
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-4714
|
|
- https://www.exploitalert.com/view-details.html?id=39826
|
|
- https://vuldb.com/?ctiid.238577
|
|
- https://vuldb.com/?id.238577
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.5
|
|
cve-id: CVE-2023-4714
|
|
cwe-id: CWE-200
|
|
epss-score: 0.02146
|
|
epss-percentile: 0.88028
|
|
cpe: cpe:2.3:a:playtube:playtube:3.0.1:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
vendor: playtube
|
|
product: playtube
|
|
tags: cve,cve2023,playtube,exposure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "razorpay_options"
|
|
- "PlayTube"
|
|
- "key:"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
extractors:
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- 'key: "([a-z_A-Z0-9]+)"'
|
|
# digest: 4a0a00473045022100e1601cdaa68d7adc81b828122a1f87c8c1f57d659ef4094053c13365d7918769022056b2a138d80168d3c80601d2e9890a0ebab2c5870fb2d46310ed011ebd35bf94:922c64590222798bb761d5b6d8e72950 |