Vulnerability Details : CVE-2022-0679
Potential exploit
The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks but depends on the underlying system and it's configuration.
Vulnerability category: Directory traversal
Products affected by CVE-2022-0679
- Narnoo Distributor Project » Narnoo Distributor » For WordpressVersions up to, including, (<=) 2.5.1cpe:2.3:a:narnoo_distributor_project:narnoo_distributor:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-0679
80.86%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-0679
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2022-0679
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: contact@wpscan.com (Primary)
References for CVE-2022-0679
-
https://wpscan.com/vulnerability/0ea79eb1-6561-4c21-a20b-a1870863b0a8
Attention Required! | CloudflareExploit;Third Party Advisory
Jump to