exploitDog

CVE-2022-1953

Опубликовано: 27 июн. 2022

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first

Ссылки

https://wpscan.com/vulnerability/b66d6682-edbc-435f-a73a-dced32a32770
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/b66d6682-edbc-435f-a73a-dced32a32770
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:product_configurator_for_woocommerce_project:product_configurator_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 1.2.32 (исключая)

EPSS

Процентиль: 88%

0.03888

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-6qhx-qfq2-78g9

CVSS3: 9.1

github

больше 3 лет назад

The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first

EPSS

Процентиль: 88%

0.03888

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22