
Exploit for WordPress InPost Gallery <2.1.4.1 - Local File Inclusion (CVE-2022-4063)

Description:

WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP’s extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.
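The following is an added, hypothetical PHP illustration of the vulnerability class the description names; it is not the InPost Gallery plugin's code, and the function names, template paths and view names are assumptions. It shows how extract() on caller-supplied data lets an existing local such as the template path be overwritten before an include, and a hardened renderer that avoids extract() and confines the resolved path to the views directory.

```php
<?php
// Hypothetical example (not the plugin's code) of unsafe extract() use in a
// view renderer, beside a hardened alternative.

// Unsafe pattern: extract() with its default EXTR_OVERWRITE flag imports every
// key of $vars as a local variable. If $vars is built from request data, a key
// named "template" replaces the intended $template before the include runs.
function render_view_unsafe(array $vars): string
{
    $template = __DIR__ . '/views/gallery.php';   // intended template
    extract($vars);                                // $vars['template'] overwrites $template
    ob_start();
    include $template;                             // path is no longer under the code's control
    return ob_get_clean();
}

// Hardened pattern: no extract(); the view name is resolved against an
// allow-list, the resulting path is canonicalised and checked to stay inside
// the views directory, and data reaches the template only through $data.
function render_view_safe(string $view, array $data): string
{
    $allowed = ['gallery' => 'gallery.php', 'thumb' => 'thumb.php']; // assumed view names
    if (!isset($allowed[$view])) {
        throw new InvalidArgumentException("unknown view: $view");
    }
    $base = realpath(__DIR__ . '/views');
    $path = realpath($base . '/' . $allowed[$view]);
    // realpath() returns false for missing files; the prefix check rejects any
    // path that resolved outside $base (symlinks, traversal, wrappers).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('template outside views directory');
    }
    ob_start();
    include $path;        // the template reads $data['...'], nothing else enters scope
    return ob_get_clean();
}
```

If extract() cannot be removed from existing code, calling it with EXTR_SKIP prevents it from overwriting variables that already exist (such as $template), but it still imports every other key into scope, so passing a single $data array remains the preferable fix; for this plugin the remediation is to update to 2.1.4.1 or later.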

Nuclei Template

View the template here: CVE-2022-4063.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-4063.yaml

References:

https://github.com/im-hanzou/INPGer
https://github.com/cyllective/CVEs
https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
https://wordpress.org/plugins/inpost-gallery/
https://nvd.nist.gov/vuln/detail/CVE-2022-4063