Lucene search
K

4 matches found

WPVulnDB
WPVulnDB
added 2022/12/05 12:0 a.m.21 views

Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access

The plugin does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server This is a different issue than CVE-2022-41840 PoC...

9.8CVSS1.5AI score0.05116EPSS
Exploits3Affected Software1
Circl
Circl
added 2022/11/18 10:29 p.m.40 views

CVE-2022-41840

creationtimestamp| type| source ---|---|--- 2022-11-18 22:29:34+00:00| seen| https://t.me/cibsecurity/53162 2025-05-10 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-05-10 2025-05-18 00:00:00+00:00| exploited| The Shadowserver...

9.8CVSS7.3AI score0.05116EPSS
In wildExploits2References4
Vulnrichment
Vulnrichment
added 2022/11/18 6:27 p.m.6 views

CVE-2022-41840 WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability

Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...

7.5CVSS8.6AI score0.05116EPSS
Exploits2References1
CVE
CVE
added 2022/11/18 6:27 p.m.97 views

CVE-2022-41840

Welcart eCommerce WordPress plugin = 2.7.8) or apply the patch referenced by Patchstack. Note: The Nuclei template confirms unauthenticated local file inclusion; no further exploit details are provided in the available documents. If exploitation activity is observed in the wild, refer to the patc...

9.8CVSS8.6AI score0.05116EPSS
In wildExploits2References1Affected Software1
Rows per page
Query Builder