S4E

CVE-2023-6065 Scanner

CVE-2023-6065 scanner - Information Disclosure vulnerability in Quttera Web Malware Scanner

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 2 days
Scan only one: URL
Toolbox: -

Quttera Web Malware Scanner is a plugin used by WordPress site administrators to scan their websites for malware and other security threats. It is widely adopted by website owners, security professionals, and IT administrators to ensure the safety and integrity of their online presence. The plugin offers detailed scan reports and identifies potential vulnerabilities within the website. By using this tool, users can proactively protect their sites from malicious attacks. It is crucial for maintaining a secure and healthy website environment.

The Information Disclosure vulnerability in Quttera Web Malware Scanner allows unauthorized access to detailed scan logs. These logs may reveal sensitive information such as local paths and portions of the site's code. This vulnerability can be exploited without any authentication, posing a significant risk to the site's security. It affects versions of the plugin up to and including 3.4.1.48.

The vulnerability resides in the Quttera Web Malware Scanner plugin for WordPress, specifically in versions up to 3.4.1.48. The plugin does not restrict access to its detailed scan logs, which are stored in a publicly accessible location. This can be exploited by an attacker to read the contents of the scan logs by accessing a specific URL path. The logs contain sensitive information such as local file paths and fragments of the site's code, which can aid in further attacks. The vulnerable endpoint is typically located at /wp-content/plugins/quttera-web-malware-scanner/quttera_wp_report.txt.

Exploiting this vulnerability can lead to unauthorized disclosure of sensitive information. Attackers can gain insights into the file structure and code of the website, which can be used to launch more sophisticated attacks. This information disclosure could compromise the security of the website, leading to potential data breaches or further exploitation. Site integrity and user trust can be significantly impacted.
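For asset owners checking whether the report file has already been fetched from their site, here is an added example (not part of the original page or of the S4E scanner). It reads web-server access logs, assumed to be in Combined Log Format, and separates requests for the report path named above into served and refused; the sample log lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Path named on this page as the exposed report location.
REPORT_PATH = "/wp-content/plugins/quttera-web-malware-scanner/quttera_wp_report.txt"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalise(target):
    """Drop the query string, decode %-escapes, collapse // and dot segments."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path)).lower()

def report_hits(lines):
    """Return (served, blocked): requests for the report file, split by outcome."""
    served, blocked = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalise(m["target"]) != REPORT_PATH:
            continue
        hit = (m["ip"], m["time"], int(m["status"]))
        # 200/206 with a non-empty body means log content left the server.
        if m["status"] in ("200", "206") and m["size"] not in ("-", "0"):
            served.append(hit)
        else:
            blocked.append(hit)
    return served, blocked

# Constructed sample access-log lines (documentation IP ranges, made-up times).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-content/plugins/quttera-web-malware-scanner/quttera_wp_report.txt HTTP/1.1" 200 48213 "-" "curl/8.4.0"',
    '203.0.113.9 - - [12/Mar/2024:10:05:40 +0000] "GET /wp-content/plugins//quttera-web-malware-scanner/./quttera_wp_report%2Etxt?x=1 HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [13/Mar/2024:08:00:00 +0000] "GET /wp-content/plugins/quttera-web-malware-scanner/quttera_wp_report.txt HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [13/Mar/2024:08:02:11 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    served, blocked = report_hits(SAMPLE_LOG)
    for ip, when, status in served:
        print(f"DISCLOSED {status} to {ip} at {when}")
    print(f"{len(blocked)} request(s) refused")
```

Any entry in `served` means the scan log was delivered to that client, so the paths and code fragments it contained should be treated as known outside the organisation.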

By using the S4E platform, you can ensure comprehensive and continuous monitoring of your digital assets against various security threats. Our platform offers detailed reports and actionable insights to help you promptly address vulnerabilities. Joining our community gives you access to a wide range of security scanners, expert recommendations, and real-time alerts. Protect your website and maintain the trust of your users by staying ahead of potential security issues. Become a member today and enhance your cybersecurity posture with our robust tools and services.
