← volver
CVE-2022-1390

Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read

EPSS 22.1%CWE-22
Vexday Risk Score
23Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS EPSS 22.1%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
25 abr 2022Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique
Productos afectados
Unknown · Admin Word Count Column

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://packetstormsecurity.com/files/166476/https://wpscan.com/vulnerability/6293b319-dc4f-4412-9d56-55744246c990