54 lines
1.6 KiB
YAML
54 lines
1.6 KiB
YAML
id: CVE-2023-4714
|
|
|
|
info:
|
|
name: PlayTube 3.0.1 - Information Disclosure
|
|
author: Farish
|
|
severity: high
|
|
description: |
|
|
A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.
|
|
impact: |
|
|
An attacker can exploit this vulnerability to gain access to sensitive information.
|
|
reference:
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-4714
|
|
- https://www.exploitalert.com/view-details.html?id=39826
|
|
- https://vuldb.com/?ctiid.238577
|
|
- https://vuldb.com/?id.238577
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.5
|
|
cve-id: CVE-2023-4714
|
|
cwe-id: CWE-200
|
|
epss-score: 0.02512
|
|
epss-percentile: 0.89027
|
|
cpe: cpe:2.3:a:playtube:playtube:3.0.1:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
vendor: playtube
|
|
product: playtube
|
|
tags: cve2023,cve,playtube,exposure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "razorpay_options"
|
|
- "PlayTube"
|
|
- "key:"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
extractors:
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- 'key: "([a-z_A-Z0-9]+)"'
|
|
# digest: 4a0a004730450220289b3208867579b1cfc1d6e1c2bf8cc5ffd7bb4fe3214f11a65a16e70948221f0221009e2794bd2b32e5bc963b223d45602ce11062bcbd8434e141c4743f302be772b6:922c64590222798bb761d5b6d8e72950 |