Lucene search
K

4 matches found

Nuclei
Nuclei
added 9 hours ago77 views

uDraw <3.3.3 - Local File Inclusion

uDraw before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the response. As a result, unauthenticated users...

7.5CVSS7.2AI score0.07736EPSS
Exploits2References5
Circl
Circl
added 2022/04/25 8:36 p.m.38 views

CVE-2022-0656

creationtimestamp| type| source ---|---|--- 2022-04-25 20:36:38+00:00| seen| https://t.me/cibsecurity/41408 2025-01-26 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-01-26 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities -...

7.5CVSS7.1AI score0.07736EPSS
In wildExploits2References4
ATTACKERKB
ATTACKERKB
added 2022/04/25 4:16 p.m.5 views

CVE-2022-0656

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the...

7.5CVSS7.3AI score0.07736EPSS
Exploits2References3
CVE
CVE
added 2022/04/25 3:51 p.m.80 views

CVE-2022-0656

The CVE-2022-0656 issue affects the WordPress plugin Web To Print Shop: uDraw , where versions prior to 3.3.3 do not validate the URL parameter in the AJAX action udraw_convert_url_to_base64 before using it in file_get_contents, enabling unauthenticated arbitrary file reads (e.g., /etc/passwd, wp...

7.5CVSS7.4AI score0.07736EPSS
In wildExploits2References1Affected Software1
Rows per page
Query Builder