CVE-2022-1391

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
References
Link Resource
https://packetstormsecurity.com/files/166533/ Exploit Third Party Advisory VDB Entry
https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aac Exploit Third Party Advisory
https://packetstormsecurity.com/files/166533/ Exploit Third Party Advisory VDB Entry
https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aac Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:kanev:cab_fare_calculator:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 06:40

Type Values Removed Values Added
References () https://packetstormsecurity.com/files/166533/ - Exploit, Third Party Advisory, VDB Entry () https://packetstormsecurity.com/files/166533/ - Exploit, Third Party Advisory, VDB Entry
References () https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aac - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aac - Exploit, Third Party Advisory

01 Aug 2022, 13:15

Type Values Removed Values Added
Summary The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.

05 May 2022, 13:07

Type Values Removed Values Added
CPE cpe:2.3:a:kanev:cab_fare_calculator:*:*:*:*:*:wordpress:*:*
References (MISC) https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aac - (MISC) https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aac - Exploit, Third Party Advisory
References (MISC) https://packetstormsecurity.com/files/166533/ - (MISC) https://packetstormsecurity.com/files/166533/ - Exploit, Third Party Advisory, VDB Entry
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8

25 Apr 2022, 16:30

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-25 16:16

Updated : 2024-11-21 06:40


NVD link : CVE-2022-1391

Mitre link : CVE-2022-1391

CVE.ORG link : CVE-2022-1391


JSON object : View

Products Affected

kanev

  • cab_fare_calculator
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')