CVE-2022-3361
published 2022-11-29CVE-2022-3361: The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on…
PriorityP430medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
2.48%
82.6th percentile
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ultimatemember | ultimate_member | <= 2.5.0 | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q6cc-3x9h-cxmm: The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2
ghsa_unreviewed·2022-11-29
CVE-2022-3361 [MEDIUM] CWE-22 GHSA-q6cc-3x9h-cxmm: The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users.
Red Hat
kernel: gpiolib: fix memory leak in gpiochip_setup_dev()
vendor_redhat·2024-10-21·CVSS 5.5
CVE-2022-48975 [MEDIUM] CWE-401 kernel: gpiolib: fix memory leak in gpiochip_setup_dev()
kernel: gpiolib: fix memory leak in gpiochip_setup_dev()
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: fix memory leak in gpiochip_setup_dev()
Here is a backtrace report about memory leak detected in
gpiochip_setup_dev():
unreferenced object 0xffff88810b406400 (size 512):
comm "python3", pid 1682, jiffies 4295346908 (age 24.090s)
backtrace:
kmalloc_trace
device_adddevice_private_init at drivers/base/core.c:3361
(inlined by) device_add at drivers/base/core.c:3411
cdev_device_add
gpiolib_cdev_register
gpiochip_setup_dev
gpiochip_add_data_with_key
gcdev_register() & gcdev_unregister() would call device_add() &
device_del() (no matter CONFIG_GPIO_CDEV is enabled or not) to
register/unregister device.
However, if device_add() succeeds, some resource (like
struct
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/H4de5-7/vulnerabilities/blob/main/CVE-2022-3361.mdhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2805393%40ultimate-member&new=2805393%40ultimate-member&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/8c7d5fbe-d272-46d4-9b33-889ba77dcc52?source=cvehttps://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3361https://www.yuque.com/docs/share/23f988ad-1402-42f2-b8d2-c7a87a4022bdhttps://github.com/H4de5-7/vulnerabilities/blob/main/CVE-2022-3361.mdhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2805393%40ultimate-member&new=2805393%40ultimate-member&sfp_email=&sfph_mail=https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3361https://www.yuque.com/docs/share/23f988ad-1402-42f2-b8d2-c7a87a4022bd
2022-11-29
Published