admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-29 09:41:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/CVE-2022-4298.md

13 lines
1.5 KiB
Markdown
Raw Normal View History

Create CVE-2022-4298.md add CVE-2022-4298
2023-06-21 17:48:36 +08:00
## WordPress plugin Wholesale Market ced_cwsm_csv_import_export_module_download_error_log File Read Vulnerability (CVE-2022-4298)
| **Vulnerability** | **WordPress plugin Wholesale Market ced_cwsm_csv_import_export_module_download_error_log File Read Vulnerability (CVE-2022-4298)** |
| :----: | :-----|
| **Chinese name** | WordPress Wholesale Market 插件 ced_cwsm_csv_import_export_module_download_error_log 任意文件读取漏洞CVE-2022-4298 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/wholesale-market"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL3dob2xlc2FsZS1tYXJrZXQi) |
| **Number of assets affected** | 120 |
| **Description** | The WordPress plugin Wholesale Market is a woocommerce extension plugin that enables your store to create wholesale users and set wholesale prices for products by. The WordPress plugin Wholesale Market version prior to 2.2.1 has a path traversal vulnerability, which is caused by not performing authorization checks and not validating user input. Attackers exploit this vulnerability to download arbitrary files from the server. |
| **Impact** | The WordPress plugin Wholesale Market version prior to 2.2.1 has a path traversal vulnerability, which is caused by not performing authorization checks and not validating user input. Attackers exploit this vulnerability to download arbitrary files from the server. |
![](https://s3.bmp.ovh/imgs/2023/06/21/f9ab68386ba634ba.gif)
Reference in New Issue Copy Permalink