{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4666", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-08-31T09:36:18.251Z", "datePublished": "2023-10-16T19:39:11.293Z", "dateUpdated": "2024-08-02T07:31:06.651Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-10-16T19:39:11.293Z"}, "title": "Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload", "problemTypes": [{"descriptions": [{"description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Form Maker by 10Web", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "1.15.20"}], "defaultStatus": "unaffected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE"}], "references": [{"url": "https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "dc11", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:31:06.651Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:10web:form_maker:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BC0EA9F1-E6B1-4ACB-984A-2D4CAE5319A9", "versionEndExcluding": "1.15.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE"}, {"lang": "es", "value": "El complemento Form Maker by 10Web WordPress anterior al 15.1.20 no valida las firmas cuando las crea en el servidor a partir de la entrada del usuario, lo que permite a usuarios no autenticados crear archivos arbitrarios y conducir a RCE"}], "id": "CVE-2023-4666", "lastModified": "2023-11-07T04:22:49.533", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-16T20:15:15.927", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified"}

{}