CVE-2022-4140
published 2023-01-02

Priority: P2 58 · Severity: high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.94% (85.4th percentile)

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow an unauthenticated attacker to read arbitrary files on the server.

Affected

2 ranges

Vendor   Product             Version range  Fixed in
mozilla  firefox
welcart  welcart_e-commerce  < 2.8.5        2.8.5

Detection & IOCs (extracted from sources)

url: /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd
url: /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/Windows/win.ini
path: /wp-content/plugins/usc-e-shop/functions/content-log.php
  • The exploit sends an unauthenticated GET request to content-log.php with a 'logfile' parameter pointing to arbitrary files (e.g., /etc/passwd or /Windows/win.ini). Detect it by monitoring GET requests to this path for path-traversal or absolute-path values in the 'logfile' parameter.
  • Successful exploitation returns HTTP 200 with Content-Type text/html and a body matching the Unix passwd file pattern 'root:.*:0:0:' or Windows win.ini section headers such as '[fonts]', '[extensions]', or '[files]'.
  • The vulnerability is unauthenticated (no credentials required). Any GET request to the vulnerable endpoint from an unauthenticated session should be treated as suspicious.
  • The vulnerability affects only Welcart e-Commerce WordPress plugin versions before 2.8.5. It is patched in 2.8.5.
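
The request-side detection described in the bullets above, as an added example that is not part of the original page: a Python scan of web-server access logs that grades each hit on content-log.php. The Combined Log Format, the sample log lines and the `example.log` value are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/wp-content/plugins/usc-e-shop/functions/content-log.php"
# Client IP, request line and status of a Combined Log Format line (assumed format).
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
ABSOLUTE = re.compile(r'^(/|\\|[A-Za-z]:[\\/])')      # /etc/..., \..., C:\...
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')     # a ".." path segment

def classify(line):
    """Return None for unrelated lines, else a finding for a content-log.php hit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Decode and normalise the path; endswith() also covers sub-directory installs.
    path = re.sub(r"/{2,}", "/", unquote(url.path)).lower()
    if not path.endswith(ENDPOINT):
        return None
    reasons = []
    # parse_qs percent-decodes values before the patterns are applied.
    for value in parse_qs(url.query, keep_blank_values=True).get("logfile", []):
        if ABSOLUTE.search(value):
            reasons.append("absolute-path")
        if TRAVERSAL.search(value):
            reasons.append("traversal")
    if reasons and m["status"] == "200":
        severity = "high"      # file-read attempt answered with HTTP 200
    elif reasons:
        severity = "medium"    # attempt seen, but not answered with 200
    else:
        severity = "low"       # any hit on this endpoint deserves review
    return {"ip": m["ip"], "status": int(m["status"]),
            "severity": severity, "reasons": sorted(set(reasons))}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Jan/2023:10:00:01 +0000] "GET /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd HTTP/1.1" 200 1843 "-" "-"',
    '192.0.2.11 - - [02/Jan/2023:10:00:05 +0000] "GET /shop/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/Windows/win.ini HTTP/1.1" 404 153 "-" "-"',
    '198.51.100.7 - - [02/Jan/2023:10:01:12 +0000] "GET /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=../../etc/passwd HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.8 - - [02/Jan/2023:10:02:30 +0000] "GET /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=example.log HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.5 - - [02/Jan/2023:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs do not record response bodies, so confirming the 'root:.*:0:0:' or win.ini body patterns for a "high" finding needs a WAF, proxy or packet capture that retains responses.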