6.5

CVE-2022-3762

Exploit

Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download

Booster Elite for WooCommerce < 1.1.7 - Authenticated (Admin/Shop Manager+) Arbitrary File Download

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite)
Mögliche Gegenmaßnahme
Booster Plus for WooCommerce: Update to version 5.6.5, or a newer patched version
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools: Update to version 5.6.7, or a newer patched version
Booster Elite for WooCommerce: Update to version 1.1.7, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Booster Plus for WooCommerce
Version *-5.6.4
SystemWordPress Plugin
Produkt Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools
Version *-5.6.6
SystemWordPress Plugin
Produkt Booster Elite for WooCommerce
Version [*, 1.1.7)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BoosterBooster For Woocommerce SwEditionelite SwPlatformwordpress Version < 1.1.7
BoosterBooster For Woocommerce SwEditionplus SwPlatformwordpress Version < 5.6.5
BoosterBooster For Woocommerce SwPlatformwordpress Version < 5.6.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.77% 0.73
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.