CVE-2022-1390
CRITICAL 9.8
Description
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on servers running old versions of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar deserialization technique.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 4/25/2022
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
admin_word_count_column_project:admin_word_count_column
Weaknesses (CWE)
CWE-22
References
https://packetstormsecurity.com/files/166476/ (contact@wpscan.com)
https://wpscan.com/vulnerability/6293b319-dc4f-4412-9d56-55744246c990 (contact@wpscan.com)
https://packetstormsecurity.com/files/166476/ (af854a3a-2127-422b-91ae-364da2661108)
https://wpscan.com/vulnerability/6293b319-dc4f-4412-9d56-55744246c990 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.