Vulnerability Description
The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kanev | Cab Fare Calculator | < 1.0.4 |
Related Weaknesses (CWE)
References
- https://packetstormsecurity.com/files/166533/ExploitThird Party AdvisoryVDB Entry
- https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aacExploitThird Party Advisory
- https://packetstormsecurity.com/files/166533/ExploitThird Party AdvisoryVDB Entry
- https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aacExploitThird Party Advisory
FAQ
What is CVE-2022-1391?
CVE-2022-1391 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
How severe is CVE-2022-1391?
CVE-2022-1391 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-1391?
Check the references section above for vendor advisories and patch information. Affected products include: Kanev Cab Fare Calculator.