cnvd - cnvd-2022-85055

CNVD-2022-85055

Vulnerability from cnvd - Published: 2022-11-29

Title

WordPress Simple:Press plugin任意文件修改漏洞

Description

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Simple:Press plugin6.8及其之前版本存在任意文件修改漏洞，该漏洞源于“file”参数未能对插件上下文中编辑的文件进行正确地限制。具有较高权限的攻击者可利用此漏洞修改服务器上任意文件。

Severity

中

Patch Name

WordPress Simple:Press plugin任意文件修改漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031

Reference

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2804020%40simplepress&new=2804020%40simplepress&sfp_email=&sfph_mail=

Impacted products

Name
WordPress Simple:Press plugin <=6.8

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-4031",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-4031"
    }
  },
  "description": "WordPress\u548cWordPress plugin\u90fd\u662fWordPress\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002WordPress\u662f\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress plugin\u662f\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\n\nWordPress Simple:Press plugin6.8\u53ca\u5176\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4fee\u6539\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u201cfile\u201d\u53c2\u6570\u672a\u80fd\u5bf9\u63d2\u4ef6\u4e0a\u4e0b\u6587\u4e2d\u7f16\u8f91\u7684\u6587\u4ef6\u8fdb\u884c\u6b63\u786e\u5730\u9650\u5236\u3002\u5177\u6709\u8f83\u9ad8\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4fee\u6539\u670d\u52a1\u5668\u4e0a\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-85055",
  "openTime": "2022-11-29",
  "patchDescription": "WordPress\u548cWordPress plugin\u90fd\u662fWordPress\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002WordPress\u662f\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress plugin\u662f\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\r\n\r\nWordPress Simple:Press plugin6.8\u53ca\u5176\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4fee\u6539\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u201cfile\u201d\u53c2\u6570\u672a\u80fd\u5bf9\u63d2\u4ef6\u4e0a\u4e0b\u6587\u4e2d\u7f16\u8f91\u7684\u6587\u4ef6\u8fdb\u884c\u6b63\u786e\u5730\u9650\u5236\u3002\u5177\u6709\u8f83\u9ad8\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4fee\u6539\u670d\u52a1\u5668\u4e0a\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress Simple:Press plugin\u4efb\u610f\u6587\u4ef6\u4fee\u6539\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress Simple:Press plugin \u003c=6.8"
  },
  "referenceLink": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2804020%40simplepress\u0026new=2804020%40simplepress\u0026sfp_email=\u0026sfph_mail=",
  "serverity": "\u4e2d",
  "submitTime": "2022-11-30",
  "title": "WordPress Simple:Press plugin\u4efb\u610f\u6587\u4ef6\u4fee\u6539\u6f0f\u6d1e"
}

CVE-2022-4031 (GCVE-0-2022-4031)

Vulnerability from cvelistv5 – Published: 2022-11-29 20:15 – Updated: 2025-01-23 21:23

Summary

The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin.

Severity ?

3.8 (Low)


                        
                          CVSS:3.1/A:L/I:L/C:N/S:U/UI:N/PR:H/AC:L/AV:N

CWE

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

Wordfence

References

URL

Tags

	https://plugins.trac.wordpress.org/changeset?sfp_…
	https://www.wordfence.com/vulnerability-advisorie…

Impacted products

	Vendor	Product	Version
	simplepress	Simple:Press – WordPress Forum Plugin	Affected: * , ≤ 6.8 (semver)

Credits

Luca Greeb Andreas Krüger

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:27:53.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2804020%40simplepress\u0026new=2804020%40simplepress\u0026sfp_email=\u0026sfph_mail="
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-4031",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-23T21:23:04.811211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-23T21:23:30.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Simple:Press \u2013 WordPress Forum Plugin",
          "vendor": "simplepress",
          "versions": [
            {
              "lessThanOrEqual": "6.8",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Luca Greeb"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Andreas Kr\u00fcger"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the \u0027file\u0027 parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/A:L/I:L/C:N/S:U/UI:N/PR:H/AC:L/AV:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-29T20:15:59.914Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2804020%40simplepress\u0026new=2804020%40simplepress\u0026sfp_email=\u0026sfph_mail="
        },
        {
          "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2022-11-29T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2022-4031",
    "datePublished": "2022-11-29T20:15:59.914Z",
    "dateReserved": "2022-11-16T18:30:39.041Z",
    "dateUpdated": "2025-01-23T21:23:30.526Z",
    "requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-85055

CVE-2022-4031 (GCVE-0-2022-4031)

Tags

Sightings

Nomenclature