.. / CVE-2022-41840

Exploit for Welcart eCommerce <=2.7.7 - Local File Inclusion (CVE-2022-41840)

Description:

Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.

Nuclei Template

View the template here CVE-2022-41840.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-41840.yaml
Copy

References:

https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability?_s_id=cve
https://nvd.nist.gov/vuln/detail/CVE-2022-41840
https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability
https://wordpress.org/plugins/usc-e-shop/