Ultimate Member Plugin hasta 2.5.0 en WordPress Template class-shortcodes.php load_template tpl directory traversal

ArtículoHistoryDiffjsonxmlCTI

Una vulnerabilidad clasificada como crítica fue encontrada en Ultimate Member Plugin hasta 2.5.0. La función load_template del archivo includes/core/class-shortcodes.php del componente Template Handler es afectada por esta vulnerabilidad. Por la manipulación del parámetro tpl de un input desconocido se causa una vulnerabilidad de clase directory traversal. El advisory puede ser descargado de github.com. La vulnerabilidad es identificada como CVE-2022-3966. El ataque se puede hacer desde la red. Los detalles técnicos son conocidos. Fue declarado como no está definido. Una actualización a la versión 2.5.1 elimina esta vulnerabilidad. La actualización se puede descargar de github.com. El parche puede ser descargado de github.com. El mejor modo sugerido para mitigar el problema es actualizar a la última versión. Una solución posible ha sido publicada incluso antes y no después de la publicación de la vulnerabilidad.

Campo	2022-11-13 08:46	2022-12-17 14:19	2022-12-17 14:21
name	Ultimate Member Plugin	Ultimate Member Plugin	Ultimate Member Plugin
version	<=2.5.0	<=2.5.0	<=2.5.0
platform	WordPress	WordPress	WordPress
component	Template Handler	Template Handler	Template Handler
file	includes/core/class-shortcodes.php	includes/core/class-shortcodes.php	includes/core/class-shortcodes.php
function	load_template	load_template	load_template
argument	tpl	tpl	tpl
cwe	21 (directory traversal)	21 (directory traversal)	21 (directory traversal)
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
identifier	e1bc94c1100f02a129721ba4be5fbc44c3d78ec4	e1bc94c1100f02a129721ba4be5fbc44c3d78ec4	e1bc94c1100f02a129721ba4be5fbc44c3d78ec4
url	https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4	https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4	https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4
name	Upgrade	Upgrade	Upgrade
upgrade_version	2.5.1	2.5.1	2.5.1
upgrade_url	https://github.com/ultimatemember/ultimatemember/releases/tag/2.5.1	https://github.com/ultimatemember/ultimatemember/releases/tag/2.5.1	https://github.com/ultimatemember/ultimatemember/releases/tag/2.5.1
patch_name	e1bc94c1100f02a129721ba4be5fbc44c3d78ec4	e1bc94c1100f02a129721ba4be5fbc44c3d78ec4	e1bc94c1100f02a129721ba4be5fbc44c3d78ec4
patch_url	https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4	https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4	https://github.com/ultimatemember/ultimatemember/commit/e1bc94c1100f02a129721ba4be5fbc44c3d78ec4
cve	CVE-2022-3966	CVE-2022-3966	CVE-2022-3966
responsible	VulDB	VulDB	VulDB
date	1668294000 (2022-11-13)	1668294000 (2022-11-13)	1668294000 (2022-11-13)
type	WordPress Plugin	WordPress Plugin	WordPress Plugin
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.5	3.5	3.5
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	4.1	4.1	4.1
cvss3_meta_basescore	4.3	4.3	5.4
cvss3_meta_tempscore	4.1	4.1	5.3
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1668294000 (2022-11-13)	1668294000 (2022-11-13)
cve_nvd_summary		A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability.	A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			N
cvss3_nvd_a			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			N
cvss3_cna_a			N
cve_cna			VulDB
cvss3_nvd_basescore			7.5
cvss3_cna_basescore			4.3

◂ Anterior Visión De Conjunto Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!