CVE-2022-1574 - Vulnerability Details

Vendors	Products
Html2wp Project	Html2wp

Link	Providers
https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14

Show plain JSON

{"containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-07-04T08:17:18.191Z"}, "title": "HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload", "problemTypes": [{"descriptions": [{"description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "HTML2WP", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThanOrEqual": "1.0.0"}], "defaultStatus": "affected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server"}], "references": [{"url": "https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Daniel Ruf", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:10:03.721Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-1574", "datePublished": "2022-06-27T08:57:00", "dateReserved": "2022-05-04T00:00:00", "dateUpdated": "2024-08-03T00:10:03.721Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

providerMetadata : { »

orgId : 1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81 (string)

shortName : WPScan (string)

dateUpdated : 2023-07-04T08:17:18.191Z (string)

}

title : HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload (string)

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : CWE-862 Missing Authorization (string)

lang : en (string)

type : CWE (string)

}

]

}

1 : { »

descriptions : [ »

0 : { »

description : CWE-352 Cross-Site Request Forgery (CSRF) (string)

lang : en (string)

type : CWE (string)

}

]

}

]

affected : [ »

0 : { »

vendor : Unknown (string)

product : HTML2WP (string)

versions : [ »

0 : { »

status : affected (string)

versionType : custom (string)

version : 0 (string)

lessThanOrEqual : 1.0.0 (string)

}

]

defaultStatus : affected (string)

collectionURL : https://wordpress.org/plugins (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server (string)

}

]

references : [ »

0 : { »

url : https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14 (string)

tags : [ »

0 : exploit (string)

1 : vdb-entry (string)

2 : technical-description (string)

]

}

]

credits : [ »

0 : { »

lang : en (string)

value : Daniel Ruf (string)

type : finder (string)

}

1 : { »

lang : en (string)

value : WPScan (string)

type : coordinator (string)

}

]

source : { »

discovery : EXTERNAL (string)

}

x_generator : { »

engine : WPScan CVE Generator (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T00:10:03.721Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14 (string)

tags : [ »

0 : exploit (string)

1 : vdb-entry (string)

2 : technical-description (string)

3 : x_transferred (string)

]

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81 (string)

assignerShortName : WPScan (string)

cveId : CVE-2022-1574 (string)

datePublished : 2022-06-27T08:57:00 (string)

dateReserved : 2022-05-04T00:00:00 (string)

dateUpdated : 2024-08-03T00:10:03.721Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:html2wp_project:html2wp:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A56A1BC3-602F-4773-96D7-28D6B8A9B0B3", "versionEndIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server"}, {"lang": "es", "value": "El plugin HTML2WP de WordPress versiones hasta 1.0.0, no dispone de comprobaciones de autorizaci\u00f3n y CSRF cuando son importados archivos, y no los comprueba, por lo que atacantes no autenticados pueden cargar archivos arbitrarios (como PHP) en el servidor remoto"}], "id": "CVE-2022-1574", "lastModified": "2024-11-21T06:40:59.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-27T09:15:09.227", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:html2wp_project:html2wp:*:*:*:*:*:wordpress:*:* (string)

matchCriteriaId : A56A1BC3-602F-4773-96D7-28D6B8A9B0B3 (string)

versionEndIncluding : 1.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server (string)

}

1 : { »

lang : es (string)

value : El plugin HTML2WP de WordPress versiones hasta 1.0.0, no dispone de comprobaciones de autorización y CSRF cuando son importados archivos, y no los comprueba, por lo que atacantes no autenticados pueden cargar archivos arbitrarios (como PHP) en el servidor remoto (string)

}

]

id : CVE-2022-1574 (string)

lastModified : 2024-11-21T06:40:59.883 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-06-27T09:15:09.227 (string)

references : [ »

0 : { »

source : contact@wpscan.com (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14 (string)

}

]

sourceIdentifier : contact@wpscan.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-352 (string)

}

1 : { »

lang : en (string)

value : CWE-862 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object