CVE-2022-4236

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/436d8894-dab8-41ea-8ed0-a3338aded635	Exploit Third Party Advisory
https://wpscan.com/vulnerability/436d8894-dab8-41ea-8ed0-a3338aded635	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:34

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/436d8894-dab8-41ea-8ed0-a3338aded635 - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/436d8894-dab8-41ea-8ed0-a3338aded635 - Exploit, Third Party Advisory
Summary		(es) El complemento Welcart e-Commerce de WordPress anterior a 2.8.5 no valida la entrada del usuario antes de usarlo para generar el contenido de un archivo a través de una acción AJAX disponible para cualquier usuario autenticado, lo que podría permitir a los usuarios con un rol tan bajo como el de suscriptor leer arbitrariamente archivos en el servidor.

Information

Published : 2023-01-02 22:15

Updated : 2024-11-21 07:34

NVD link : CVE-2022-4236

Mitre link : CVE-2022-4236

CVE.ORG link : CVE-2022-4236

JSON object : View

Products Affected

collne

welcart_e-commerce

CWE

CWE-552

Files or Directories Accessible to External Parties

6.5 /10