admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/3xxx/CVE-2022-3366.json
erwanlr 807950970a Adds CVEs
2022-10-31 17:07:32 +01:00

88 lines
2.4 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"CVE_data_meta": {
"ID": "CVE-2022-3366",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "PublishPress Capabilities User Role Access, Editor Permissions, Admin Menus",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.5.2",
"version_value": "2.5.2"
}
]
}
},
{
"product_name": "PublishPress Capabilities Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.5.2",
"version_value": "2.5.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fb",
"name": "https://wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fb"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-502 Deserialization of Untrusted Data",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Nguyen Pham Viet Nam"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
Reference in New Issue View Git Blame Copy Permalink