CVE-2022-3762

Опубликовано: 21 нояб. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite)

Ссылки

https://wpscan.com/vulnerability/96ef4bb8-a054-48ae-b29c-b3060acd01ac
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/96ef4bb8-a054-48ae-b29c-b3060acd01ac
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:elite:wordpress:*:*

Версия до 1.1.7 (исключая)

cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:plus:wordpress:*:*

Версия до 5.6.5 (исключая)

cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 5.6.7 (исключая)

EPSS

Процентиль: 73%

0.00766

Низкий

6.5 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-65wp-vh9q-f2vh