The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
History

Wed, 25 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Hyno
Hyno dropbox Folder Share
CPEs cpe:2.3:a:hyno:dropbox_folder_share:*:*:*:*:*:*:*:*
Vendors & Products Hyno
Hyno dropbox Folder Share
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-09-16T08:31:30.152Z

Updated: 2024-09-25T13:44:03.123Z

Reserved: 2023-05-31T21:35:33.039Z

Link: CVE-2023-3025

cve-icon Vulnrichment

Updated: 2024-08-02T06:41:04.071Z

cve-icon NVD

Status : Modified

Published: 2023-09-16T09:15:07.447

Modified: 2024-11-21T08:16:16.200

Link: CVE-2023-3025

cve-icon Redhat

No data.