CVE-2022-1386

Published: 16/05/2022 Updated: 14/03/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Fusion Builder WordPress plugin prior to 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.

Vulnerable Product

fusion builder project fusion builder

theme-fusion avada

Github Repositories

CVE-2022-1386 - Fusion Builder < 3.6.2 - Unauthenticated SSRF. Description: Fusion Builder is a WordPress plugin that allows users to create and edit pages using a drag-and-drop interface. It is vulnerable to an unauthenticated SSRF that allows an attacker to read any file on the server. Proof of Concept Request: POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com Us

CVE-2022-1386: Check for SSRF/BLIND SSRF and Executed payloads. $ python3 CVE-2022-1386.py

Automatic Mass Tool for checking vulnerability in CVE-2022-1386 - Fusion Builder < 3.6.2 - Unauthenticated SSRF

Fubucker | CVE-2022-1386 - Fusion Builder. Automatic Mass Tool for checking vulnerability in CVE-2022-1386 - Fusion Builder < 3.6.2 - Unauthenticated SSRF. Using GNU Parallel. You must have parallel for running this tool. If you found error like "$'\r': command not found" just do "dos2unix fubucker.sh". Install Parallel Linux : command # apt-get

git clone github.com/satyasai1460/CVE-2022-1386.git cd CVE-2022-1386 apt install python3-pip pip install -r requirements.txt python3 exploit.py