History: Oct 20, 2023 - 8:15 a.m.

CVE-2022-2441

2023-10-20 08:15:11
CWE-352
web.nvd.nist.gov
26
imagemagick
wordpress
remote code execution
vulnerability
cve-2022-2441

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 9 High (Confidence: High)

EPSS: 0.016 Low (Percentile: 87.6%)

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the ‘cli_path’ parameter in versions up to and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands, leading to remote command execution, provided they can trick a site administrator into performing an action such as clicking on a link. An attacker can thereby create and/or modify files hosted on the server, which can easily grant attackers backdoor access to the affected server.

Affected configurations

Node: rickardw imagemagick_engine, Range: 1.7.5

CNA Affected

[
  {
    "vendor": "rickardw",
    "product": "ImageMagick Engine",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.7.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
