
EventON Lite < 2.1.2 - Arbitrary File Download CVE-2023-3219

Severity
CVSSv3 Score
5.3
Vulnerability description

The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.

Risk description

No risk description to display.

Recommendation

Fixed in version 2.1.2

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Jul 10, 2023
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available