3 matches found
CVE-2022-4140 Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server...
CVE-2022-4140 Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server...
CVE-2022-4140
The CVE-2022-4140 entry concerns the WordPress plugin Welcart e-Commerce before 2.8.5. The vulnerability arises because the plugin does not validate user input before using it to output the contents of a file, enabling unauthenticated attackers to read arbitrary server files. Several connected so...