Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2014-4942
HistoryAug 04, 2022 - 10:31 a.m.

WordPress EasyCart <2.0.6 - Information Disclosure

2022-08-0410:31:33
ProjectDiscovery
github.com
11
vulnerability
information disclosure
wordpress
easycart
phpinfo
levelfourdevelopment
cvss
cve-2014-4942

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0.008

Percentile

82.4%

JSON
WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.

id: CVE-2014-4942

info:
  name: WordPress EasyCart <2.0.6 - Information Disclosure
  author: DhiyaneshDk
  severity: medium
  description: |
    WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.
  impact: |
    An attacker can gain sensitive information from the target system.
  remediation: |
    Upgrade to WordPress EasyCart version 2.0.6 or later.
  reference:
    - https://wpscan.com/vulnerability/64ea4135-eb26-4dea-a13f-f4c1deb77150
    - https://codevigilant.com/disclosure/wp-plugin-wp-easycart-information-disclosure
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4942
    - https://nvd.nist.gov/vuln/detail/CVE-2014-4942
    - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=829290%40wp-easycart&old=827627%40wp-easycart&sfp_email=&sfph_mail=
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5
    cve-id: CVE-2014-4942
    cwe-id: CWE-200
    epss-score: 0.01024
    epss-percentile: 0.82199
    cpe: cpe:2.3:a:levelfourdevelopment:wp-easycart:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: levelfourdevelopment
    product: wp-easycart
    framework: wordpress
  tags: cve2014,cve,wpscan,wordpress,wp-plugin,wp,phpinfo,disclosure,levelfourdevelopment

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/wp-easycart/inc/admin/phpinfo.php"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "PHP Extension"
          - "PHP Version"
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - '>PHP Version <\/td><td class="v">([0-9.]+)'
# digest: 490a004630440220342dce47a8408c74a401ff37d16e9bdac22e456deb97b98dd0c3c7b4b7daed5702206190335d1ce1d1991a9d8e91c114329267ce0095e548d99dd945e381ab003da3:922c64590222798bb761d5b6d8e72950

Related

cve 1
prion 1
cvelist 1
nvd 1
openvas 1
wpvulndb 1
patchstack 1
cve
cve
CVE-2014-4942
2014-07-11 20:55:03
prion
prion
Information disclosure
2014-07-11 20:55:00
cvelist
cvelist
CVE-2014-4942
2014-07-11 20:00:00
nvd
nvd
CVE-2014-4942
2014-07-11 20:55:03
openvas
openvas
WordPress EasyCart Information Disclosure Vulnerability
2015-01-13 00:00:00
wpvulndb
wpvulndb
EasyCart 2.0.5 - inc/admin/phpinfo.php Direct Request Remote Information Disclosure
2014-08-01 10:59:16
patchstack
patchstack
WordPress WP EasyCart Plugin <= 2.0.5 - Information Disclosure
2014-07-11 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0.008

Percentile

82.4%

JSON
Related for NUCLEI:CVE-2014-4942
cve1prion1cvelist1nvd1openvas1wpvulndb1patchstack1