cbcvebase.
CVE-2022-1392
published 2022-04-25


Priority: P2 (58, high). CVSS 3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit: public exploit available
EPSS: 11.09% (95.4th percentile)
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues

Affected

1 range
Vendor: commoninja
Product: videos_sync_pdf
Version range: <= 1.7.4
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

URL: {{BaseURL}}/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=tout
Path: /wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php
  • HTTP GET request to the vulnerable endpoint with `p=` parameter; a 200 response containing both error strings confirms unauthenticated LFI exploitability.
  • Response body containing the string 'REPERTOIRE_VIDEOSYNCPDFreglages/Menu_Plugins/tout.php' is a strong indicator of the vulnerable plugin being present and the LFI path being triggered.
  • The vulnerability is unauthenticated (PR:N, UI:N) and exploitable via the `p` parameter in tout.php; monitor web server logs for GET requests to this path with arbitrary `p` values.
  • Affected versions are up to and including 1.7.4; version 1.7.5 and above contain the fix. Ensure version checks target <=1.7.4.
  • The Nuclei template uses a benign probe value (`p=tout`) to trigger a PHP file-not-found error rather than actually reading sensitive files; real exploitation would use path traversal sequences in the `p` parameter.

CVSS provenance

NVD, CVSS v3.1: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
NVD, CVSS v2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)