CVE-2022-1119 — Path Traversal in Simple-file-list

CWE-22 — Path Traversal CWE-79 — Cross-site Scripting7 documents7 sources

Severity

7.5HIGHNVD

EPSS

85.8%

top 0.62%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Simplefilelist Simple-file-list Eemitch Simple File List

Timeline

PublishedApr 19

Latest updateJun 24

Description

The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDsimplefilelist/simple-file-list< 3.2.8

▶CVEListV5eemitch/simple_file_list3.2.7

Patches

Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

Cross-site Scripting in Jenkins JUnit Plugin↗2022-06-24

▶

GHSA

GHSA-m665-jg8v-5m5r: The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader↗2022-04-20

▶

CVEList

Simple File List <= 3.2.7 - Arbitrary File Download↗2022-04-19

▶

💥Exploits & PoCs

Nuclei

WordPress Simple File List <3.2.8 - Local File Inclusion

▶

📋Vendor Advisories

Red Hat

jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin↗2022-06-23

▶

Microsoft

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Up↗2022-06-14

▶