CVE-2022-50954

Name of the Vulnerable Software and Affected Versions cab-fare-calculator version 1.0.3

Description An issue in the WordPress plugin allows unauthenticated attackers to read arbitrary files. By supplying path traversal sequences through the controller GET parameter in the 'tblight.php' endpoint, an attacker can include and execute files located outside the intended controllers directory. Local File Inclusion (LFI) is a flaw that allows an attacker to include files on a server that are not intended to be exposed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.