CVE-2023-6592
Published 2024-01-16
CVE-2023-6592: The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files.
Priority P3 · 35 · medium · 5.3 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EXPLOIT
EPSS: 0.91% (55.6th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| libssh | libssh | >= 0 < 0.6.3-4.3ubuntu0.6+esm1 | 0.6.3-4.3ubuntu0.6+esm1 |
| libssh | libssh | >= 0 < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3 | 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3 |
| ninjateam | fastdup | < 2.2 | 2.2 |
CVSS provenance
nvd · v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv · 4.8 MEDIUM
OSV
libssh vulnerabilities
osv·2024-02-05·CVSS 4.8
CVE-2023-6004 libssh vulnerabilities
USN-6592-1 fixed vulnerabilities in libssh. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that libssh incorrectly handled the ProxyCommand and the
ProxyJump features. A remote attacker could possibly use this issue to
inject malicious code into the command of the features mentioned through
the hostname parameter. (CVE-2023-6004)
It was discovered that libssh incorrectly handled return codes when
performing message digest operations. A remote attacker could possibly use
this issue to cause libssh to crash, obtain sensitive information, or
execute arbitrary code. (CVE-2023-6918)
GHSA
GHSA-qrr8-cg7m-h9r4: The FastDup WordPress plugin before 2
ghsa_unreviewed·2024-01-16
CVE-2023-6592 [MEDIUM] GHSA-qrr8-cg7m-h9r4: The FastDup WordPress plugin before 2
The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files.
No detection rules found.
Nuclei
WordPress FastDup <= 2.1.9 Sensitive Information Exposure - Directory Listing
nuclei·CVSS 5.3
CVE-2023-6592 [MEDIUM] WordPress FastDup <= 2.1.9 Sensitive Information Exposure - Directory Listing
FastDup WordPress plugin < 2.2 contains a directory listing vulnerability caused by lack of access restrictions in sensitive directories, letting attackers view export files, exploit requires no authentication.
Template:
```yaml
id: CVE-2023-6592

info:
  name: WordPress FastDup <= 2.1.9 Sensitive Information Exposure - Directory Listing
  author: pussycat0x
  severity: medium
  description: |
    FastDup WordPress plugin < 2.2 contains a directory listing vulnerability caused by lack of access restrictions in sensitive directories, letting attackers view export files, exploit requires no authentication.
  impact: |
    Attackers can access sensitive export files, potentially leading to information disclosure.
  remediation: |
    Update to
```
No writeups or analysis indexed.
https://research.cleantalk.org/cve-2023-6592-fastdup-database-users-password-leak-poc-exploit/
https://wpscan.com/vulnerability/a39bb807-b143-4863-88ff-1783e407d7d4/
Published: 2024-01-16