How severe is CVE-2023-6160?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2023-6160?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2023-6160

MEDIUM Year: 2023

CVSS v3 Score

6.7

Medium

Weakness Type

CWE-22

View all →

Vulnerability Description

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. This makes it possible for authenticated attackers, with administrator or LMS manager access and above, to read the contents of arbitrary CSV files on the server, which can contain sensitive information as well as removing those files from the server.

CVE-2012-5380

MEDIUM

CVSS:6.7(Medium)

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse D...

CWE-222012

CVE-2018-1204

MEDIUM

CVSS:6.7(Medium)

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phon...

CWE-222018

CVE-2019-12666

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The...

CWE-222019

CVE-2019-1952

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid admi...

CWE-222019

CVE-2020-3236

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwri...

CWE-222020

CVE-2021-29246

MEDIUM

CVSS:6.7(Medium)

BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special c...

CWE-222021

CVE-2023-6160

Vulnerability Description

Related Vulnerabilities

CVE-2012-5380

CVE-2018-1204

CVE-2019-12666

CVE-2019-1952

CVE-2020-3236

CVE-2021-29246