Enhancement: cves/2022/CVE-2022-4063.yaml by md
parent ff54604c1a
commit 5832918030
|
@ -1,12 +1,12 @@
|
|||
id: CVE-2022-4063
|
||||
|
||||
info:
|
||||
name: InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
|
||||
name: WordPress InPost Gallery <2.1.4.1 - Local File Inclusion
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
|
||||
remediation: Fixed in version 2.1.4.1
|
||||
WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.
|
||||
remediation: Fixed in version 2.1.4.1.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
|
||||
- https://wordpress.org/plugins/inpost-gallery/
|
||||
|
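Review bot: the replacement `name:` line (`WordPress InPost Gallery <2.1.4.1 - Local File Inclusion`) drops both "Unauthenticated" and the RCE outcome that the previous name carried, and no other field in this hunk says whether authentication is required. With `severity: critical` left unchanged, that precondition should stay visible to anyone triaging a hit: either keep "Unauthenticated" in the name or state it in the first sentence of the description. The new description also speaks of inclusion of "malicious files and URLs", which is broader than the "Local File Inclusion" label in the name, so the two should be worded to agree.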
@ -40,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/03/13
|
||||
|
|
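Review bot: the trailing `# Enhanced by md on 2023/03/13` comment added after the last matcher puts authorship and a date into the template body, where it duplicates what the commit already records and goes stale on the next edit. Suggest dropping the comment and the blank line before it, or, if the project wants this marker, documenting the convention so it is applied the same way in every template. The hunk changes no matcher logic; the `status: 200` check shown in the context is untouched by this commit.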