Vulnerability Details : CVE-2022-1390
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique
Vulnerability category: Directory traversal
Products affected by CVE-2022-1390
- Admin Word Count Column Project » Admin Word Count Column » For WordpressVersions up to, including, (<=) 2.2cpe:2.3:a:admin_word_count_column_project:admin_word_count_column:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-1390
96.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-1390
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2022-1390
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: contact@wpscan.com (Primary)
References for CVE-2022-1390
-
https://packetstormsecurity.com/files/166476/
WordPress Admin Word Count Column 2.2 Local File Inclusion ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://wpscan.com/vulnerability/6293b319-dc4f-4412-9d56-55744246c990
Attention Required! | CloudflareExploit;Third Party Advisory
Jump to