CVE-2023-2180 - Unspecified vulnerability in Kiwiz Invoices Certification & PDF System Project Kiwiz Invoices Certification & PDF System
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow an unauthenticated attacker to read/download arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |