CVE-2022-4140
Published 2023-01-02
Priority P258 · Severity high · 7.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.94% (85.4th percentile)
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow an unauthenticated attacker to read arbitrary files on the server.
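To make the weakness class concrete, the following is an added illustration, not the Welcart plugin's code (which this page does not reproduce): a log-file handler in the vulnerable shape described above, beside a contained version that resolves the requested path and refuses anything that lands outside the log directory. The function names, the `logs` directory layout and the sample files are assumptions, built in a temporary directory so the script runs offline.

```python
"""Unvalidated file output (CWE-552) beside a path-contained version.

Added illustration, not the Welcart plugin's code. Function names, the logs directory and the
sample files are assumptions; everything is created in a temporary directory.
"""
import os
import tempfile


def read_log_unvalidated(logs_dir: str, logfile: str) -> str:
    """Vulnerable shape: the request parameter is joined to a base directory and read as-is.

    os.path.join discards logs_dir when logfile is absolute, and '../' walks out of it,
    so any file the web server can read is returned to the caller.
    """
    with open(os.path.join(logs_dir, logfile), encoding="utf-8", errors="replace") as fh:
        return fh.read()


def read_log_contained(logs_dir: str, logfile: str) -> str:
    """Hardened shape: resolve the final path and require it to stay under logs_dir."""
    base = os.path.realpath(logs_dir)
    target = os.path.realpath(os.path.join(base, logfile))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"refusing to read outside {base}: {logfile!r}")
    if not os.path.isfile(target):  # also rejects directories, devices and dangling links
        raise FileNotFoundError(logfile)
    with open(target, encoding="utf-8", errors="replace") as fh:
        return fh.read()


def demo() -> dict:
    """Create a log directory plus a 'secret' file next to it, then probe both readers."""
    root = tempfile.mkdtemp()
    logs = os.path.join(root, "logs")
    os.mkdir(logs)
    with open(os.path.join(logs, "access.log"), "w", encoding="utf-8") as fh:
        fh.write("legitimate log line\n")
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w", encoding="utf-8") as fh:
        fh.write("root:x:0:0:root:/root:/bin/bash\n")  # constructed stand-in for /etc/passwd

    def attempt(reader, param):
        try:
            return reader(logs, param)
        except PermissionError:
            return "blocked"

    return {
        "legit": attempt(read_log_contained, "access.log"),
        "traversal_vuln": attempt(read_log_unvalidated, "../secret.txt"),
        "absolute_vuln": attempt(read_log_unvalidated, secret),
        "traversal_hardened": attempt(read_log_contained, "../secret.txt"),
        "absolute_hardened": attempt(read_log_contained, secret),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result.strip()}")
```

The containment check works on the resolved path rather than on the raw string, so encoded or symlinked variants of `../` are handled by the filesystem rather than by a denylist; an allowlist of permitted log file names on top of this is stricter still.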
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| welcart | welcart_e-commerce | < 2.8.5 | 2.8.5 |
Detection & IOCs (extracted from sources)
- Exploitation is an unauthenticated GET request to content-log.php with a logfile parameter pointing at an arbitrary file (e.g. /etc/passwd or /Windows/win.ini). Detect by monitoring GET requests to this path whose logfile value contains path traversal (../, including URL-encoded forms) or an absolute path.
- A successful read returns HTTP 200 with Content-Type text/html and a body matching the Unix passwd pattern root:.*:0:0: or Windows win.ini section headers such as [fonts], [extensions] or [files].
- No credentials are required. Any request to this endpoint from an unauthenticated session should be treated as suspicious, not only those with obviously malicious parameter values.
- Only Welcart e-Commerce versions before 2.8.5 are affected; the issue is patched in 2.8.5.
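The detection heuristics above, run over constructed access-log lines, as an added example that is not a rule from any source indexed on this page. The plugin path prefix before content-log.php is an assumption; the request-side check implements the traversal/absolute-path indicator from the first bullet, and the response-side check implements the passwd and win.ini body patterns from the second.

```python
"""Flag CVE-2022-4140-style file-read attempts in access logs and confirm leaks from response bodies.

Added example. Log lines are constructed; the path prefix before content-log.php is an assumption.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format: client, identity, user, [timestamp], "METHOD target protocol", status, size.
ACCESS_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)
# Response-body indicators: a Unix passwd root entry, or win.ini section headers.
PASSWD_RE = re.compile(r"root:.*:0:0:")
WININI_RE = re.compile(r"^\[(fonts|extensions|files)\]", re.IGNORECASE | re.MULTILINE)


def suspicious_logfile(value: str) -> bool:
    """True when the logfile value is an absolute path or contains traversal.

    Decodes twice to defeat %252F-style double encoding and treats backslashes as
    separators so Windows-style payloads are caught too.
    """
    v = unquote(unquote(value)).replace("\\", "/")
    return v.startswith("/") or "../" in v or re.match(r"^[a-zA-Z]:/", v) is not None


def flag_request(line: str):
    """Return a finding for a request to content-log.php, or None for other lines.

    Severity is 'high' when logfile carries traversal or an absolute path; any other
    request to the endpoint is still reported as 'low', since the handler is unauthenticated.
    """
    m = ACCESS_LINE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.lower().endswith("/content-log.php"):
        return None
    values = parse_qs(url.query, keep_blank_values=True).get("logfile", [])
    hit = next((v for v in values if suspicious_logfile(v)), None)
    return {
        "ip": m["ip"],
        "method": m["method"],
        "status": int(m["status"]),
        "logfile": unquote(hit) if hit is not None else (values[0] if values else None),
        "severity": "high" if hit is not None else "low",
    }


def scan(log_text: str) -> list:
    """Run flag_request over every line and keep the findings, in log order."""
    return [f for f in (flag_request(line) for line in log_text.splitlines()) if f]


def looks_like_leaked_file(status: int, body: str) -> bool:
    """Response-side IOC: HTTP 200 whose body shows a passwd entry or win.ini headers."""
    return status == 200 and bool(PASSWD_RE.search(body) or WININI_RE.search(body))


# Constructed sample log: two traversal/absolute-path probes, one benign-looking request to the
# same endpoint, and one unrelated request. The plugin path prefix is assumed.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Jan/2023:10:14:01 +0000] "GET /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd HTTP/1.1" 200 1832
203.0.113.7 - - [02/Jan/2023:10:14:03 +0000] "GET /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=..%2F..%2F..%2F..%2FWindows%2Fwin.ini HTTP/1.1" 200 403
198.51.100.4 - - [02/Jan/2023:10:15:22 +0000] "GET /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=access.log HTTP/1.1" 200 5120
198.51.100.9 - - [02/Jan/2023:10:16:40 +0000] "GET /index.php?p=1 HTTP/1.1" 200 9200
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs alone cannot confirm a leak, since a 200 is returned for a benign log file too; pair the request-side findings with `looks_like_leaked_file` over captured response bodies (WAF, reverse-proxy or packet capture) when available.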
GHSA
GHSA-6c75-m6fq-9mh7 · ghsa_unreviewed · 2023-01-03
CVE-2022-4140 [HIGH] · CWE-552
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow an unauthenticated attacker to read arbitrary files on the server.
Mozilla (different CVE)
The three Mozilla Foundation Security Advisories indexed under this entry concern CVE-2021-4140, a separate vulnerability rated CVSS 10.0 [CRITICAL] in the vendor feed. They do not concern Welcart e-Commerce and are summarised here for the record only:
- Mozilla Foundation Security Advisory 2022-01: CVE-2021-4140, Product: Firefox, Impact: moderate, Fixed in: Firefox 96
- Mozilla Foundation Security Advisory 2022-02: CVE-2021-4140, Product: Firefox ESR, Impact: high, Fixed in: Firefox ESR 91.5
- Mozilla Foundation Security Advisory 2022-03: CVE-2021-4140, Product: Thunderbird, Impact: high, Fixed in: Thunderbird 91.5
No detection rules found.
Nuclei
WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access · nuclei · CVSS 7.5 · CVE-2022-4140 [HIGH]
WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:
```yaml
id: CVE-2022-4140

info:
  name: WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access
  author: theamanrawat
  severity: high
  description: |
    WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or execute unauthorized operations.
# The http request and matcher section of the template is not reproduced on this page.
```
No writeups or analysis indexed.