Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2023/01/02 9:49 p.m.7 views

CVE-2022-4237 Welcart e-Commerce < 2.8.6 - Subscriber+ PHAR Deserialisation

The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in fileexist functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a...

8.6AI score0.01073EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/01/02 9:49 p.m.25 views

CVE-2022-4237 Welcart e-Commerce < 2.8.6 - Subscriber+ PHAR Deserialisation

The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in fileexist functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a...

8.8AI score0.01073EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/12/05 12:0 a.m.26 views

Welcart e-Commerce < 2.8.6 - Subscriber+ PHAR Deserialisation

The plugin does not validate user input before using it in fileexist functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present...

8.8CVSS2.3AI score0.01073EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/12/05 12:0 a.m.104 views

Welcart e-Commerce < 2.8.6 - Subscriber+ PHAR Deserialisation

The plugin does not validate user input before using it in fileexist functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present...

8.8CVSS0.01073EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.33 views

Feed Them Social < 2.9.8.6 - Unauthenticated PHAR Deserialisation

The plugin does not validate the ftsurl parameter, which could lead to PHAR deserialisation when an attacker manage to upload a malicious file and a suitable gadget chain is present...

9.8CVSS2.6AI score0.0134EPSS
Exploits0Affected Software1
Rows per page
Query Builder