CVE-2023-4168

MEDIUM NUCLEI

Templatecookie Adlisting 2.14.0 - Information Disclosure in Redirect Handler

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-4168. PoCs published by CraCkEr. A Nuclei detection template is also available.

AI-analyzed exploit summary This writeup describes an information disclosure vulnerability in Adlisting Classified Ads 2.14.0, where sensitive Firebase configuration data is leaked in HTTP response bodies during page redirects. The issue exposes API keys and other credentials configured in the admin panel.

Description

A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

exploitdb WRITEUP

by CraCkEr · textwebappsphp

https://www.exploit-db.com/exploits/51667

View Code ZIP pw:eip

This writeup describes an information disclosure vulnerability in Adlisting Classified Ads 2.14.0, where sensitive Firebase configuration data is leaked in HTTP response bodies during page redirects. The issue exposes API keys and other credentials configured in the admin panel.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Adlisting Classified Ads 2.14.0

No auth needed

Prerequisites: Access to any page on the vulnerable website

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Adlisting Classified Ads 2.14.0 - Information Disclosure

HIGHVERIFIEDby r3Y3r53

References (3)

Core 3

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.236184

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.236184

Exploit, Third Party Advisory related

http://packetstormsecurity.com/files/174015/Adlisting-Classified-Ads-2.14.0-Information-Disclosure.html

Scores

CVSS v3 4.3

EPSS 0.7465

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

templatecookie/adlisting 2.14.0

Published Aug 05, 2023

Tracked Since Feb 18, 2026