CVE-2023-37865
Published 2024-06-04
CVE-2023-37865: Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by…
Priority: P4 · 30 · medium · 5.3 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.35% (26.9th percentile)
Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Download IP2Location Country Blocker: from n/a through 2.29.1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ip2location | country_blocker | < 2.29.2 | 2.29.2 |
| ip2location | download_ip2location_country_blocker | n/a – 2.29.1 | — |
CVSS provenance
nvd · v3.1 · 5.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vendor_oracle · 9.1 · CRITICAL
GHSA
GHSA-427c-xc35-8535: Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constr
ghsa_unreviewed·2024-06-04
CVE-2023-37865 [MEDIUM] CWE-290 GHSA-427c-xc35-8535: Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constr
Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Download IP2Location Country Blocker: from n/a through 2.29.1.
Oracle
Oracle Oracle MySQL Risk Matrix: Monitoring: General (Apache Ivy) — CVE-2022-37865
vendor_oracle·2023-07-15·CVSS 9.1
CVE-2022-37865 [CRITICAL] Oracle Oracle MySQL Risk Matrix: Monitoring: General (Apache Ivy) — CVE-2022-37865
Oracle Oracle MySQL Risk Matrix: Monitoring: General (Apache Ivy) vulnerability
CVE: CVE-2022-37865
CVSS: 9.1
Protocol: Multiple
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2023 (JUL 2023)
Oracle
Oracle Oracle Communications Risk Matrix: Installation (Apache Ivy) — CVE-2022-37865
vendor_oracle·2023-04-15·CVSS 9.1
CVE-2022-37865 [CRITICAL] Oracle Oracle Communications Risk Matrix: Installation (Apache Ivy) — CVE-2022-37865
Oracle Oracle Communications Risk Matrix: Installation (Apache Ivy) vulnerability
CVE: CVE-2022-37865
CVSS: 9.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/ip2location-country-blocker/wordpress-ip2location-country-blocker-plugin-2-29-1-ip-bypass-vulnerability-vulnerability?_s_id=cve
Published: 2024-06-04