PT-2022-14028 · Jupiter · Jupiterx

Ramuel Gall · Published 2022-05-19 · Updated 2022-06-21 · CVE-2022-1657

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Jupiter versions 6.10.1 and earlier
JupiterX versions 2.0.6 and earlier

Description

The issue allows logged-in users, including those with subscriber-level access, to perform Path Traversal and Local File Inclusion. This can be exploited through specific AJAX actions in the Jupiter and JupiterX themes. In JupiterX, the jupiterx_cp_load_pane_action AJAX action, found in the lib/admin/control-panel/control-panel.php file, calls the load_control_panel_pane function, allowing the inclusion of any local PHP file via the slug parameter. Jupiter has a similar vulnerability, exploitable via the mka_cp_load_pane_action AJAX action in the framework/admin/control-panel/logic/functions.php file, which calls the mka_cp_load_pane_action function.

Recommendations

For Jupiter versions 6.10.1 and earlier, consider disabling the mka_cp_load_pane_action AJAX action as a temporary workaround until a patch is available. For JupiterX versions 2.0.6 and earlier, consider disabling the jupiterx_cp_load_pane_action AJAX action as a temporary workaround until a patch is available. Restrict access to the load_control_panel_pane and mka_cp_load_pane_action functions to minimize the risk of exploitation. Avoid using the slug parameter in the affected AJAX endpoints until the issue is resolved.
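
One way to apply the workaround above, as an added example (not code from the theme vendor or from this advisory): a WordPress must-use plugin that denies the two AJAX actions to non-administrators and rejects slug values that are not plain names. The `pane_guard_*` names, the `manage_options` threshold and the slug pattern are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Jupiter/JupiterX pane-loader guard (added example)
 * Place in wp-content/mu-plugins/ as a stopgap until the theme is updated.
 */

// AJAX action names as given in the advisory text.
const PANE_GUARD_ACTIONS = array(
    'jupiterx_cp_load_pane_action', // JupiterX
    'mka_cp_load_pane_action',      // Jupiter
);

// admin-ajax.php fires admin_init before it dispatches wp_ajax_{action},
// so this check runs ahead of the theme's own handler.
add_action( 'admin_init', 'pane_guard_check', 0 );

function pane_guard_check() {
    if ( ! wp_doing_ajax() || ! isset( $_REQUEST['action'] ) ) {
        return;
    }
    $action = sanitize_key( wp_unslash( $_REQUEST['action'] ) );
    if ( ! in_array( $action, PANE_GUARD_ACTIONS, true ) ) {
        return;
    }

    // Assumption: only administrators need the theme control panel.
    // Subscriber-level accounts, the case the advisory describes, stop here.
    if ( ! current_user_can( 'manage_options' ) ) {
        pane_guard_deny( 'insufficient capability' );
    }

    // Assumption: legitimate pane slugs are plain names. Anything carrying
    // a path separator, a dot or a null byte fails the pattern and is refused.
    $slug = isset( $_REQUEST['slug'] ) ? wp_unslash( $_REQUEST['slug'] ) : '';
    if ( ! is_string( $slug ) || 1 !== preg_match( '/\A[A-Za-z0-9_-]+\z/', $slug ) ) {
        pane_guard_deny( 'slug rejected' );
    }
}

function pane_guard_deny( $reason ) {
    // Log the refusal so attempts show up in the PHP error log, then stop.
    error_log( sprintf( 'pane-guard: blocked user %d (%s)', get_current_user_id(), $reason ) );
    wp_die( 'Forbidden', '', array( 'response' => 403 ) );
}
```

The guard does not replace updating the theme; it only narrows who can reach the affected handlers and what the slug parameter may contain.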

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2022-1657

Affected Products

Jupiterx