CVE-2022-41840
published 2022-11-18CVE-2022-41840: Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
PriorityP179critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
5.12%
91.3th percentile
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| collne_inc | welcart_e-commerce | <= 2.7.7 | — |
| welcart | welcart_e-commerce | < 2.7.8 | 2.7.8 |
Detection & IOCsextracted from sources · hover to see the quote
url{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/progress-check.php?progressfile=../../../../../../../../../../../../../etc/passwd↗
- →Look for unauthenticated GET requests to progress-check.php with a 'progressfile' parameter containing directory traversal sequences (e.g., '../') targeting sensitive files such as /etc/passwd. ↗
- →A successful exploitation returns HTTP 200 with Content-Type 'application/json' and a response body matching the pattern 'root:.*:0:0:' (contents of /etc/passwd). ↗
- ·The vulnerability affects Welcart eCommerce plugin versions <= 2.7.7 on WordPress; version 2.7.8 and above are patched. ↗
- ·The exploit is unauthenticated (no credentials required), making it trivially exploitable remotely with no user interaction. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9w9j-rrw6-jgxm: Unauth
ghsa_unreviewed·2022-11-18
CVE-2022-41840 [CRITICAL] CWE-22 GHSA-9w9j-rrw6-jgxm: Unauth
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
VulnCheck
welcart welcart_e-commerce Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2022·CVSS 7.5
CVE-2022-41840 [HIGH] welcart welcart_e-commerce Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
welcart welcart_e-commerce Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
Affected: welcart welcart_e-commerce
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-13&host_type=src&vulnerability=cve-2022-41840; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-14&host_type=src&vulnerability=cve-2022-41840; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-15&host_type=src&vulnerabil
No detection rules found.
Nuclei
Welcart eCommerce <=2.7.7 - Local File Inclusion
nuclei·CVSS 9.8
CVE-2022-41840 [CRITICAL] Welcart eCommerce <=2.7.7 - Local File Inclusion
Welcart eCommerce =2.7.8) or apply the provided patch to fix the LFI vulnerability.
reference:
- https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability
- https://wordpress.org/plugins/usc-e-shop/
- https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability?_s_id=cve
- https://nvd.nist.gov/vuln/detail/CVE-2022-41840
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-41840
cwe-id: CWE-22
epss-score: 0.79378
epss-percentile: 0.9908
cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: collne
product: welcart_e-comme
2022-11-18
Published
Exploited in the wild