Enhancement: cves/2022/CVE-2022-2314.yaml by md
parent
2b52a0cf0a
commit
2dd1f21171
|
@ -1,11 +1,11 @@
|
||||||
id: CVE-2022-2314
|
id: CVE-2022-2314
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: WordPress VR Calendar <=2.3.2 - Arbitrary Function Call
|
name: WordPress VR Calendar <=2.3.2 - Remote Code Execution
|
||||||
author: theamanrawat
|
author: theamanrawat
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
WordPress VR Calendar plugin through 2.3.2 is susceptible to arbitrary function call. The plugin allows any user to execute arbitrary PHP functions on the site.
|
WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/b22fe77c-844e-4c24-8023-014441cc1e82
|
- https://wpscan.com/vulnerability/b22fe77c-844e-4c24-8023-014441cc1e82
|
||||||
- https://wordpress.org/plugins/vr-calendar-sync/
|
- https://wordpress.org/plugins/vr-calendar-sync/
|
||||||
|
@ -14,6 +14,7 @@ info:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
cve-id: CVE-2022-2314
|
cve-id: CVE-2022-2314
|
||||||
|
cwe-id: CWE-94
|
||||||
metadata:
|
metadata:
|
||||||
verified: "true"
|
verified: "true"
|
||||||
tags: rce,unauth,wpscan,cve,cve2022,wp,vr-calendar-sync,wordpress,wp-plugin
|
tags: rce,unauth,wpscan,cve,cve2022,wp,vr-calendar-sync,wordpress,wp-plugin
|
||||||
|
@ -47,4 +48,4 @@ requests:
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
# Enhanced by md on 2023/03/21
|
# Enhanced by md on 2023/03/22
|
||||||
|
|
Loading…
Reference in New Issue