daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2022/CVE-2022-4063.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-03-13 14:51:19 -04:00
parent ff54604c1a
commit 5832918030
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cves/2022/CVE-2022-4063.yaml
View File

@ -1,12 +1,12 @@
id: CVE-2022-4063
info:
name: InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
name: WordPress InPost Gallery <2.1.4.1 - Local File Inclusion
author: theamanrawat
severity: critical
description: |
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
remediation: Fixed in version 2.1.4.1
WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.
remediation: Fixed in version 2.1.4.1.
reference:
- https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
- https://wordpress.org/plugins/inpost-gallery/
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/03/13