PT-2019-10108 · Design Chemical · Design Chemical Social Network Tabs

Publicado

2019-03-18

Atualizado

2019-04-16

CVE-2018-20555

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Design Chemical Social Network Tabs plugin version 1.7.1

Description: The issue allows remote attackers to discover sensitive Twitter account information, including access token, access token secret, consumer key, and consumer secret values, by reading the source code of the dcwp twitter.php file. This could lead to Twitter account takeover.

Recommendations: For Design Chemical Social Network Tabs plugin version 1.7.1, consider restricting access to the dcwp twitter.php file to prevent unauthorized users from reading its source code until a patch is available.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2018-20555

Produtos afetados

Design Chemical Social Network Tabs

PT-2019-10108 · Design Chemical · Design Chemical Social Network Tabs

CVE-2018-20555

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5