CVE-2023-6065

MEDIUM NUCLEI

Quttera Web Malware Scanner WP <3.4.2.1 - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-6065. PoCs published by halilkirazkaya. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains functional exploit code for multiple CVEs, including CVE-2023-6065. The PoCs demonstrate vulnerabilities such as Remote File Inclusion, Path Traversal, and Arbitrary File Deletion, with clear HTTP request examples.

Description

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code.

Exploits (1)

github WORKING POC 4 stars
by halilkirazkaya · poc
https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2023/CVE-2023-6065.md

Classification: Working PoC 95%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Various (WordPress plugins, QNAP Photo Station, IBM Data Risk Manager, etc.)
No auth needed
Prerequisites: Network access to the target system
devstral-2 · analyzed Feb 27, 2026

Nuclei Templates (1)

Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure
MEDIUM · VERIFIED · by s4e-io

Scores

CVSS v3: 5.3
EPSS: 0.1870
EPSS Percentile: 96.9%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status: published
Products (1): quttera/quttera_web_malware_scanner < 3.4.2.1
Published: Dec 18, 2023
Tracked Since: Feb 18, 2026