Lucene search
Takeshi SuzukiWPEX-ID:0D649A7E-3334-48F7-ABCA-FFF0856E12C7HistoryDec 05, 2022 - 12:00 a.m.
Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access
2022-12-0500:00:00
Takeshi Suzuki
65
welcart e-commerce
arbitrary file access
unauthenticated access
0.016 Low
EPSS
Percentile
87.5%
The plugin does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server This is a different issue than CVE-2022-41840
https://example.com/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwdRelated
wpvulndb
wpvulndb
Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access
2022-12-05 00:00:00
Welcart eCommerce < 2.7.8 - Unauthenticated Arbitrary File Access
2022-10-20 00:00:00
cvelist
cvelist
patchstack
patchstack
cnvd
cnvd
WordPress Welcart eCommerce directory traversal vulnerability
2022-11-23 00:00:00
cve
cve
CVE-2022-41840
2022-11-18 19:15:30
CVE-2022-4140
2023-01-02 22:15:16
prion
prion
Directory traversal
2022-11-18 19:15:00
Input validation
2023-01-02 22:15:00
nuclei
nuclei
Welcart eCommerce <=2.7.7 - Local File Inclusion
2022-10-22 13:43:27
WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access
2023-03-31 11:28:24
nvd
nvd
CVE-2022-41840
2022-11-18 19:15:30
CVE-2022-4140
2023-01-02 22:15:16
jvn
jvn