The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique
References
Link | Resource |
---|---|
https://packetstormsecurity.com/files/166476/ | Exploit Third Party Advisory VDB Entry |
https://wpscan.com/vulnerability/6293b319-dc4f-4412-9d56-55744246c990 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-04-25T15:51:24
Updated: 2022-04-25T15:51:24
Reserved: 2022-04-19T00:00:00
Link: CVE-2022-1390
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-25T16:16:08.720
Modified: 2022-05-04T13:48:46.707
Link: CVE-2022-1390
JSON object: View
Redhat Information
No data.
CWE