CVE-2022-4030

EPSS 5.43%
Veröffentlicht 29.11.2022 21:15:11
Zuletzt bearbeitet 21.11.2024 07:34:28
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Simple:Press <= 6.8 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Deletion

The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file that can allow an attacker to configure the site and achieve remote code execution.

Mögliche Gegenmaßnahme

Simple:Press Forum: Update to version 6.8.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Simple:Press Forum

Version *-6.8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Simple-press ≫ Simple:press SwPlatformwordpress Version <= 6.8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.43%	0.898

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
security@wordfence.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2804020%40simplepress&new=2804020%40simplepress&sfp_email=&sfph_mail=

Patch

Third Party Advisory

https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4030

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/43bcf3ab-4201-4a61-82c5-2dc60b684989

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4030

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4030

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4030

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-4030