4 matches found
Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access
The plugin does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server This is a different issue than CVE-2022-41840 PoC...
CVE-2022-41840
creationtimestamp| type| source ---|---|--- 2022-11-18 22:29:34+00:00| seen| https://t.me/cibsecurity/53162 2025-05-10 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-05-10 2025-05-18 00:00:00+00:00| exploited| The Shadowserver...
CVE-2022-41840 WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...
CVE-2022-41840
Welcart eCommerce WordPress plugin = 2.7.8) or apply the patch referenced by Patchstack. Note: The Nuclei template confirms unauthenticated local file inclusion; no further exploit details are provided in the available documents. If exploitation activity is observed in the wild, refer to the patc...