Lucene search

[email protected]CVE-2022-3417

HistoryJan 09, 2023 - 11:15 p.m.

CVE-2022-3417

2023-01-0923:15:26

[email protected]

web.nvd.nist.gov

cve-2022-3417

wptouch

wordpress

plugin

vulnerability

php

object injection

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.6%

JSON

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.

Affected configurations

Vulners

NVD

Node

bravenewcodewptouchRange<4.3.45

VendorProductVersionCPE
bravenewcodewptouch*cpe:2.3:a:bravenewcode:wptouch:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bravenewcode	wptouch	*	cpe:2.3:a:bravenewcode:wptouch::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WPtouch",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.3.45"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for CVE-2022-3417

prion1 cvelist1 nvd1 openvas1