Lucene search
PRIOn knowledge basePRION:CVE-2022-0246HistoryApr 11, 2022 - 3:15 p.m.
Design/Logic Flaw
2022-04-1115:15:00
PRIOn knowledge base
www.prio-n.com
1
The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process, existence of a file is checked. If the file exists, it is deleted without any security control by only considering the name of the extracted file. This behavior leads to “Zip Slip” vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| iq_block_country | lt | 1.2.13 |
Related
wpexploit
wpexploit
iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip
2022-03-16 00:00:00
patchstack
patchstack
cvelist
cvelist
nvd
nvd
CVE-2022-0246
2022-04-11 15:15:08
packetstorm
packetstorm
WordPress iQ Block Country 1.2.13 Arbitrary File Deletion
2022-03-21 00:00:00
exploitdb
exploitdb
wpvulndb
wpvulndb
iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip
2022-03-16 00:00:00
zdt
zdt
cve
cve
CVE-2022-0246
2022-04-11 15:15:08