The plugin does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server This is a different issue than CVE-2022-41840
https://example.com/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd
CPE | Name | Operator | Version |
---|---|---|---|
usc-e-shop | lt | 2.8.5 |