CVE-2022-1273

Exploit

EPSS 0.88%
Veröffentlicht 02.05.2022 16:15:09
Zuletzt bearbeitet 21.11.2024 06:40:23
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Import WP – Import and Export WordPress data to XML or CSV files <= 2.4.5 - Authenticated Arbitrary File Upload

The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE

Mögliche Gegenmaßnahme

Import WP – Export and Import CSV and XML files to WordPress: Update to version 2.4.6, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Import WP – Export and Import CSV and XML files to WordPress

Version *-2.4.5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Importwp ≫ Import Wp SwPlatformwordpress Version < 2.4.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.88%	0.745

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/1e518d40-deda-438a-9787-b3cf7faad7a4

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1273

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1273

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1273

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-1273