WordPress Plugin Vulnerabilities

Cab fare calculator < 1.0.4 - Unauthenticated LFI

Description

The plugin does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.

Despite what the original advisory claims, the issue is not exploitable by accessing the file directly as a fatal error is triggered before the vulnerable code is reached, however can be exploited by unauthenticated attackers via other requests

Proof of Concept

https://example.com/?controller=../../../index&action=1&ajax=1
https://example.com/?controller=../../../index&action=1&pg=tblight

Affects Plugins

cab-fare-calculator

Fixed in version 1.0.4

References

CVE

CVE-2022-1391

URL

https://packetstormsecurity.com/files/166533/

ExploitDB

50843

Classification

Type

LFI

OWASP top 10

A1: Injection

CWE

CWE-22

Miscellaneous

Original Researcher

Hassan Khan Yusufzai - Splint3r7

Verified

Yes

WPVDB ID

680121fe-6668-4c1a-a30d-e70dd9be5aac

Timeline

Publicly Published

2022-03-30 (about 8 months ago)

Added

2022-03-30 (about 8 months ago)

Last Updated

2022-07-27 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin