WordPress Welcart e-Commerce progress-check.php Arbitrary file reading vulnerability CVE-2022-41840
Vulnerability Description
The progress-check.php file of the WordPress Welcart e-Commerce plugin contains an arbitrary file read vulnerability. An attacker who exploits it can obtain the contents of any file on the server.
Vulnerability Impact
WordPress Welcart e-Commerce <= 2.7.7
Plugin Name
Welcart e-Commerce
https://downloads.wordpress.org/plugin/usc-e-shop.2.7.7.zip
Vulnerability Reproduction
After downloading, compare usc-e-shop/functions/progress-check.php against the updated version of the file.
The update fixed the arbitrary file read vulnerability caused by a filtering problem with the progressfile parameter. PoC to verify:
/wp-content/plugins/usc-e-shop/functions/progress-check.php?progressfile=progress-check.php
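To check whether this endpoint has already been requested on a site, the web server access log can be searched for the path and parameter shown above. The following is an added example, not code from the plugin or from the original post; it assumes a combined-format access log, and the sample log lines, IP addresses and the `placeholder.txt` name are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoint and parameter name are taken from the PoC on this page.
ENDPOINT = "/wp-content/plugins/usc-e-shop/functions/progress-check.php"
PARAM = "progressfile"
# Client IP, request target and status of a combined-format log line (assumed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def fully_decode(value, max_rounds=3):
    # Percent-decode repeatedly so multiply-encoded values are compared in clear form.
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    # Explain why a client-supplied progressfile value deserves a look.
    reasons = []
    if ".." in value or "/" in value or "\\" in value:
        reasons.append("path separator or traversal sequence")
    if value.lower().endswith(".php"):
        reasons.append("requests a PHP source file")
    return reasons or ["parameter supplied by client"]

def find_hits(lines):
    # Return one record per request to the endpoint that carries the parameter.
    hits = []
    for m in filter(None, map(LOG_RE.match, lines)):
        parts = urlsplit(m["target"])
        if not fully_decode(parts.path).endswith(ENDPOINT):
            continue
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            if fully_decode(name) == PARAM:
                value = fully_decode(raw)
                hits.append({"ip": m["ip"], "status": int(m["status"]),
                             "value": value, "reasons": classify(value)})
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2022:13:55:36 +0000] "GET ' + ENDPOINT + '?progressfile=progress-check.php HTTP/1.1" 200 5123',
    '203.0.113.7 - - [10/Oct/2022:13:55:41 +0000] "GET ' + ENDPOINT + '?progressfile=..%2Fplaceholder.txt HTTP/1.1" 403 310',
    '198.51.100.20 - - [10/Oct/2022:13:56:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2210',
    '198.51.100.20 - - [10/Oct/2022:13:56:09 +0000] "GET ' + ENDPOINT + ' HTTP/1.1" 200 0',
]
if __name__ == "__main__":
    print(*find_hits(SAMPLE), sep="\n")
```

On a site running version 2.7.7 or earlier, hits with a 200 status are the ones to triage first.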
This post is licensed under CC BY 4.0 by the author.