4 matches found
uDraw <3.3.3 - Local File Inclusion
uDraw before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the response. As a result, unauthenticated users...
CVE-2022-0656
creationtimestamp| type| source ---|---|--- 2022-04-25 20:36:38+00:00| seen| https://t.me/cibsecurity/41408 2025-01-26 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-01-26 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities -...
CVE-2022-0656
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the...
CVE-2022-0656
The CVE-2022-0656 issue affects the WordPress plugin Web To Print Shop: uDraw , where versions prior to 3.3.3 do not validate the URL parameter in the AJAX action udraw_convert_url_to_base64 before using it in file_get_contents, enabling unauthenticated arbitrary file reads (e.g., /etc/passwd, wp...