CVE-2023-6120 - Vulnerability Details - OpenCVE

The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Welcart	Welcart E-commerce

Configuration 1 [-]

cpe:2.3:a:welcart:welcart_e-commerce:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/changeset/2992785/usc-e-shop/trunk/classes/paymentPaygent.class.php?contextall=1&old=2880236&old_path=%2Fusc-e-shop%2Ftrunk%2Fclasses%2FpaymentPaygent.class.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2999846%40usc-e-shop%2Ftrunk&old=2996147%40usc-e-shop%2Ftrunk&sfp_email=&sfph_mail=#file1
https://www.wordfence.com/threat-intel/vulnerabilities/id/2677cea6-d60d-4e10-afd7-e088a5592b19?source=cve

History

Thu, 20 Feb 2025 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Welcart Welcart welcart E-commerce
CPEs	cpe:2.3:a:collne:welcart_e-commerce::::::wordpress::*	cpe:2.3:a:welcart:welcart_e-commerce::::::wordpress::*
Vendors & Products	Collne Collne welcart E-commerce	Welcart Welcart welcart E-commerce

Wed, 09 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-12-09T06:52:00.170Z

Updated: 2024-10-09T14:38:05.195Z

Reserved: 2023-11-14T10:10:27.070Z

Link: CVE-2023-6120

Vulnrichment

Updated: 2024-08-02T08:21:17.427Z

NVD

Status : Modified

Published: 2023-12-09T07:15:08.130

Modified: 2025-02-20T18:34:50.990

Link: CVE-2023-6120

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6120", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-11-14T10:10:27.070Z", "datePublished": "2023-12-09T06:52:00.170Z", "dateUpdated": "2024-10-09T14:38:05.195Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-12-09T06:52:00.170Z"}, "affected": [{"vendor": "uscnanbu", "product": "Welcart e-Commerce", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.9.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2677cea6-d60d-4e10-afd7-e088a5592b19?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/2992785/usc-e-shop/trunk/classes/paymentPaygent.class.php?contextall=1&old=2880236&old_path=%2Fusc-e-shop%2Ftrunk%2Fclasses%2FpaymentPaygent.class.php"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2999846%40usc-e-shop%2Ftrunk&old=2996147%40usc-e-shop%2Ftrunk&sfp_email=&sfph_mail=#file1"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "baseScore": 4.1, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Marco Wotschka"}], "timeline": [{"time": "2023-11-14T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2023-12-08T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.427Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2677cea6-d60d-4e10-afd7-e088a5592b19?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2992785/usc-e-shop/trunk/classes/paymentPaygent.class.php?contextall=1&old=2880236&old_path=%2Fusc-e-shop%2Ftrunk%2Fclasses%2FpaymentPaygent.class.php", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2999846%40usc-e-shop%2Ftrunk&old=2996147%40usc-e-shop%2Ftrunk&sfp_email=&sfph_mail=#file1", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-02T16:05:40.071032Z", "id": "CVE-2023-6120", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T14:38:05.195Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2677cea6-d60d-4e10-afd7-e088a5592b19?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2992785/usc-e-shop/trunk/classes/paymentPaygent.class.php?contextall=1&old=2880236&old_path=%2Fusc-e-shop%2Ftrunk%2Fclasses%2FpaymentPaygent.class.php", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2999846%40usc-e-shop%2Ftrunk&old=2996147%40usc-e-shop%2Ftrunk&sfp_email=&sfph_mail=#file1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.427Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6120", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-02T16:05:40.071032Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T14:38:00.941Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Marco Wotschka"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N"}}], "affected": [{"vendor": "uscnanbu", "product": "Welcart e-Commerce", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.9.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-11-14T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2023-12-08T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2677cea6-d60d-4e10-afd7-e088a5592b19?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/2992785/usc-e-shop/trunk/classes/paymentPaygent.class.php?contextall=1&old=2880236&old_path=%2Fusc-e-shop%2Ftrunk%2Fclasses%2FpaymentPaygent.class.php"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2999846%40usc-e-shop%2Ftrunk&old=2996147%40usc-e-shop%2Ftrunk&sfp_email=&sfph_mail=#file1"}], "descriptions": [{"lang": "en", "value": "The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-12-09T06:52:00.170Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6120", "state": "PUBLISHED", "dateUpdated": "2024-10-09T14:38:05.195Z", "dateReserved": "2023-11-14T10:10:27.070Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2023-12-09T06:52:00.170Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:welcart:welcart_e-commerce:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "70C51E31-DE5E-49C8-A43C-B34805ED5D08", "versionEndExcluding": "2.9.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server."}, {"lang": "es", "value": "El complemento Welcart e-Commerce para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 2.9.6 incluida a trav\u00e9s de la funci\u00f3n upload_certificate_file. Esto hace posible que los administradores carguen archivos .pem o .crt en ubicaciones arbitrarias del servidor."}], "id": "CVE-2023-6120", "lastModified": "2025-02-20T18:34:50.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-09T07:15:08.130", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/changeset/2992785/usc-e-shop/trunk/classes/paymentPaygent.class.php?contextall=1&old=2880236&old_path=%2Fusc-e-shop%2Ftrunk%2Fclasses%2FpaymentPaygent.class.php"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2999846%40usc-e-shop%2Ftrunk&old=2996147%40usc-e-shop%2Ftrunk&sfp_email=&sfph_mail=#file1"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2677cea6-d60d-4e10-afd7-e088a5592b19?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/changeset/2992785/usc-e-shop/trunk/classes/paymentPaygent.class.php?contextall=1&old=2880236&old_path=%2Fusc-e-shop%2Ftrunk%2Fclasses%2FpaymentPaygent.class.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2999846%40usc-e-shop%2Ftrunk&old=2996147%40usc-e-shop%2Ftrunk&sfp_email=&sfph_mail=#file1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2677cea6-d60d-4e10-afd7-e088a5592b19?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}