PT-2023-7910 · WordPress · Welcart E-Commerce

Takeshi Suzuki

Publicado

2023-01-02

Atualizado

2025-04-10

CVE-2022-4140

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Welcart e-Commerce WordPress plugin versions prior to 2.8.5

Description The issue is related to the use of files and directories accessible to external parties. It does not validate user input before using it to output the content of a file, which could allow an unauthenticated attacker to read arbitrary files on the server.

Recommendations For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories on the server until the update is applied.

Exploit

Correção

Files Accessible to External Parties

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-425CWE-552

Identificadores relacionados

BDU:2023-08982

CVE-2022-4140

Produtos afetados

Welcart E-Commerce

PT-2023-7910 · WordPress · Welcart E-Commerce

CVE-2022-4140

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9