The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-02-13T14:32:03.338Z
Updated: 2023-12-05T18:52:00.611Z
Reserved: 2023-01-10T16:01:44.637Z
Link: CVE-2023-0159
JSON object: View
NVD Information
Status : Modified
Published: 2023-02-13T15:15:20.827
Modified: 2023-12-05T19:15:07.603
Link: CVE-2023-0159
JSON object: View
Redhat Information
No data.
CWE
No CWE.