CVE-2022-50953

MEDIUM(6.2)

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Risk Signal Score21/100 — NIEDRIG

CVSS 6.2 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.2

Technische Schwere

Beschreibung

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing directory traversal sequences and null bytes to bypass file restrictions and read sensitive files like system configuration.

Referenzen

https://wordpress.org/plugins/admin-word-count-column/
https://www.exploit-db.com/exploits/50845
https://www.vulncheck.com/advisories/wordpress-plugin-admin-word-count-column-lo...