CVE-2022-1391
Published: 2022-04-25
Priority: P1 (80) · Severity: critical · CVSS 3.1 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Badges: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 13.59% (96.0th percentile)
The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kanev | cab_fare_calculator | < 1.0.4 | 1.0.4 |
Detection & IOCs (extracted from sources)
- URL: `{{BaseURL}}/wp-content/plugins/cab-fare-calculator/tblight.php?controller=../../../../../../../../../../../etc/passwd%00&action=1&ajax=1`
- Send a GET request to /wp-content/plugins/cab-fare-calculator/tblight.php with the 'controller' parameter set to a path traversal payload targeting /etc/passwd (null-byte terminated), with action=1 and ajax=1. A successful LFI response will contain the regex pattern 'root:[x*]:0:0' and return HTTP 200.
- The vulnerable parameter is 'controller', which is passed unsanitized into a PHP require statement, enabling path traversal / Local File Inclusion. A null byte (%00) is appended to truncate the file extension.
- The null-byte truncation technique (%00) is only effective on PHP versions below 5.3.4, where null bytes terminate file paths. On modern PHP, the payload may need to be adapted.
- The vulnerability affects Cab fare calculator WordPress plugin versions strictly before 1.0.4. Installations at 1.0.4 or later are not affected.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 9.8 | CRITICAL | |
| vendor_redhat | | 5.5 | MEDIUM | |
GHSA
GHSA-ccvg-rxc2-rf77 (ghsa_unreviewed, 2022-04-26): CVE-2022-1391 [CRITICAL] CWE-22
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
VulnCheck
CVE-2022-1391 [CRITICAL] kanev cab_fare_calculator: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (vulncheck, 2022, CVSS 9.8)
The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
Affected: kanev cab_fare_calculator
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2022-1391
Red Hat
CVE-2022-48715 [MEDIUM] CWE-20 kernel: scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (vendor_redhat, 2024-06-20, CVSS 5.5)
In the Linux kernel, the following vulnerability has been resolved:
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
Running tests with a debug kernel shows that bnx2fc_recv_frame() is modifying the per_cpu lport stats counters in a non-mpsafe way. Just boot a debug kernel and run the bnx2fc driver with the hardware enabled.

```text
[ 1391.699147] BUG: using smp_processor_id() in preemptible [00000000] code: bnx2fc_
[ 1391.699160] caller is bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]
[ 1391.699174] CPU: 2 PID: 4355 Comm: bnx2fc_l2_threa Kdump: loaded Tainted: G B
[ 1391.699180] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013
[ 1391.699183] Call Trace:
[ 1391.699188] dump_stack_lvl+0x57/0x7d
[ 1391.699198] check_preemption_disabled+0xc8/0xd
```
No detection rules found.
Nuclei
CVE-2022-1391 [CRITICAL] WordPress Cab fare calculator < 1.0.4 - Local File Inclusion (nuclei, CVSS 9.8)
The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
Template:

```yaml
id: CVE-2022-1391

info:
  name: WordPress Cab fare calculator < 1.0.4 - Local File Inclusion
  author: Splint3r7
  severity: critical
  description: |
    The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the server, potentially exposing sensitive information.
  remediation: |
    Update to the latest version of the WordPress Cab fare calcul
```