Exploit for WordPress Cab fare calculator < 1.0.4 - Local File Inclusion (CVE-2022-1391)

Description:

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
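A defender can look for abuse of this parameter in web server access logs. The following is an added example, not code from the plugin or from the Nuclei template: it flags any request whose `controller` query parameter is not a plain identifier, decoding nested percent-encoding first. The identifier pattern, the function names and the sample log lines (including the `/index.php` path) are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: a legitimate controller value is a short plain identifier.
SAFE_CONTROLLER = re.compile(r"[A-Za-z0-9_]{1,64}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding, e.g. %252e -> %2e -> '.'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_controller(url):
    """Return decoded controller values in url that are not plain identifiers."""
    hits = []
    # parse_qsl already decodes one layer; decode_fully handles the rest.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() != "controller":
            continue
        decoded = decode_fully(value)
        if not SAFE_CONTROLLER.fullmatch(decoded):
            hits.append(decoded)
    return hits

def scan_access_log(lines):
    """Return (line_number, values) for each line with a suspicious controller."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_controller(match.group(1))
            if hits:
                findings.append((number, hits))
    return findings

# Constructed sample lines in combined log format; paths and values are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Apr/2022:10:00:00 +0000] "GET /index.php?controller=booking HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Apr/2022:10:00:05 +0000] "GET /index.php?controller=..%2F..%2F..%2Fwp-config HTTP/1.1" 200 4096',
    '203.0.113.9 - - [01/Apr/2022:10:00:07 +0000] "GET /index.php?controller=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1820',
]

if __name__ == "__main__":
    for number, values in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: suspicious controller value(s) {values}")
```

Access logs normally record only the query string, so a `controller` value sent in a POST body needs request-body logging or a WAF rule to be seen.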

Nuclei Template

View the template here: CVE-2022-1391.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-1391.yaml

References:

https://wordpress.org/plugins/cab-fare-calculator
https://github.com/ARPSyndicate/cvemon
https://nvd.nist.gov/vuln/detail/CVE-2022-1391
https://www.exploit-db.com/exploits/50843
https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aac