mirror of
https://github.com/0xMarcio/cve.git
synced 2026-06-05 06:38:06 +02:00
0xMarcio
920 B
920 B
CVE-2023-2180
Description
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)