CVE-2022-1391

Cab fare calculator < 1.0.4 - Unauthenticated LFI

EPSS 13.6%CWE-22

Vexday Risk Score

23Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 13.6%KEV nãoPoC —Nuclei simMetasploit —Patch —

Lifecycle

25 Apr 2022Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.

Affected products

Unknown · Cab fare calculator

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://packetstormsecurity.com/files/166533/https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aac