admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-08-05 01:01:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create WordPress_plugin_Welcart_e-Commerce_content-log.php_logfile_File_Read_Vulnerability

Browse Source 
add WordPress_plugin_Welcart_e-Commerce_content-log.php_logfile_File_Read_Vulnerability
This commit is contained in:
Goby 2023-05-12 18:14:49 +08:00 committed by GitHub
parent 689061c603
commit 1c1f6c4630
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
WordPress_plugin_Welcart_e-Commerce_content-log.php_logfile_File_Read_Vulnerability Normal file
View File

@ -0,0 +1,12 @@
## WordPress plugin Welcart e-Commerce content-log.php logfile File Read Vulnerability
| **Vulnerability** | **WordPress plugin Welcart e-Commerce content-log.php logfile File Read Vulnerability** |
| :----: | :-----|
| **Chinese name** | WordPress Welcart e-Commerce 插件 content-log.php 文件 logfile 参数文件读取漏洞 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body=\"wp-content/plugins/usc-e-shop\"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL3VzYy1lLXNob3Ai) |
| **Number of assets affected** | 5453 |
| **Description** | Welcart is a free e-commerce plugin for WordPress with top market share in Japan.An arbitrary file read vulnerability exists in Welcart e-Commerce < 2.8.5, and attackers can exploit this vulnerability to obtain sensitive files. |
| **Impact** | Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website. |
![](https://s3.bmp.ovh/imgs/2023/05/12/2474ac119a44c003.gif)