Lucene search

[email protected]NVD:CVE-2022-4140

HistoryJan 02, 2023 - 10:15 p.m.

CVE-2022-4140

2023-01-0222:15:16

[email protected]

web.nvd.nist.gov

welcart e-commerce

wordpress

plugin

validation

user input

arbitrary files

server

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.013 Low

EPSS

Percentile

85.9%

JSON

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server

Affected configurations

NVD

Node

collnewelcart_e-commerceRange<2.8.5wordpress

References

wpscan.com/vulnerability/0d649a7e-3334-48f7-abca-fff0856e12c7

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.013 Low

EPSS

Percentile

85.9%

JSON

Related for NVD:CVE-2022-4140

prion1 jvn1 cvelist1 cve1 nuclei1 wpvulndb1 wpexploit1