1 vulnerability by string_locator_project
CVE-2022-0493 (GCVE-0-2022-0493)
Vulnerability from cvelistv5 – Published: 2022-03-28 17:22 – Updated: 2024-08-02 23:32
Title
String Locator < 2.5.0 - Admin+ Arbitrary File Read
Summary
The String Locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high-privilege users such as admins to query arbitrary files on the web server via a path traversal vector. Furthermore, because the search accepts a user-supplied pattern and outputs the relevant matches from the matching file, the entire content of the file can be disclosed.
Severity
No CVSS data available.
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/21e2e5fc-03d2-4791-beef-07af6bf985ed | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2685592 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
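| Unknown | String locator | Affected: 2.5.0 , < 2.5.0 (custom) — i.e. all versions before 2.5.0; the record gives 2.5.0 as both `version` and `lessThan`, so the title and summary should be used to read the range | |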
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:45.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/21e2e5fc-03d2-4791-beef-07af6bf985ed"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2685592"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "String locator",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "2.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "qerogram"
}
],
"descriptions": [
{
"lang": "en",
"value": "The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-28T17:22:53.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/21e2e5fc-03d2-4791-beef-07af6bf985ed"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2685592"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "String Locator \u003c 2.5.0 - Admin+ Arbitrary File Read",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0493",
"STATE": "PUBLIC",
"TITLE": "String Locator \u003c 2.5.0 - Admin+ Arbitrary File Read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "String locator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.5.0",
"version_value": "2.5.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "qerogram"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/21e2e5fc-03d2-4791-beef-07af6bf985ed",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/21e2e5fc-03d2-4791-beef-07af6bf985ed"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2685592",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2685592"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0493",
"datePublished": "2022-03-28T17:22:54.000Z",
"dateReserved": "2022-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:45.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}