Security Advisory

CVE-2023-2288

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-30 07:49:15

Last updated 2025-01-10 21:04:14

Assigner WPScan

State PUBLISHED

Description

The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper.

← Browse all CVEs View on cve.org ↗