CVE-2022-1391

Cab fare calculator < 1.0.4 - Unauthenticated LFI

EPSS 13.6%CWE-22

Vexday Risk Score

23Bajo

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS —EPSS 13.6%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

25 abr 2022Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.

Productos afectados

Unknown · Cab fare calculator

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://packetstormsecurity.com/files/166533/https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aac