CVE-2022-0377

Exploit

EPSS 3.21%
Veröffentlicht 28.02.2022 09:15:09
Zuletzt bearbeitet 21.11.2024 06:38:29
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

LearnPress < 4.1.5 - Arbitrary Image Renaming

LearnPress <= 4.1.4.1 - Arbitrary Image Renaming

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration.  After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site.

Mögliche Gegenmaßnahme

LearnPress – WordPress LMS Plugin for Create and Sell Online Courses: Update to version 4.1.5, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Thimpress ≫ Learnpress SwPlatformwordpress Version < 4.1.5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt LearnPress – WordPress LMS Plugin for Create and Sell Online Courses

Version *-4.1.4.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.21%	0.865

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://bozogullarindan.com/en/2022/01/wordpress-learnpress-plugin-4.1.4.1-arbitrary-image-renaming/

Third Party Advisory

Exploit

https://github.com/LearnPress/learnpress/commit/d1dc4af7ef2950f1000abc21bd9520fb3eb98faf

Patch

Third Party Advisory

https://wpscan.com/vulnerability/0d95ada6-53e3-4a80-a395-eacd7b090f26

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/5200ed9c-83dd-4f07-804c-2519932e5546

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-0377

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-0377

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-0377

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-0377