4 matches found
CVE-2022-4063
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
CVE-2022-4063
creationtimestamp| type| source ---|---|--- 2022-12-19 16:10:30+00:00| seen| https://t.me/cibsecurity/54857 2023-09-12 03:15:02+00:00| published-proof-of-concept| https://t.me/v3n0mhack/278 2024-11-04 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-11-04 2024-11-05...
CVE-2022-4063 InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
CVE-2022-4063
The CVE-2022-4063 issue affects WordPress InPost Gallery plugin versions before 2.1.4.1. The root cause is insecure use of PHP’s extract() when rendering HTML views, which can force inclusion of arbitrary files/URLs and may enable code execution on the server via Local File Inclusion (LFI) or rem...