Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2022-2441

Published: 20/10/2023 Updated: 07/11/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Orangelab

Vulnerability Summary

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an malicious user to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

orangelab imagemagick engine

Github Repositories

https://github.com/20142995/nuclei-templates

nuclei-templates 2W+已校验

templates type templates conut change(new) CVE-2000 1 0 CVE-2001 2 -1 CVE-2002 1 0 CVE-2003 2 0 CVE-2004 4 0 CVE-2005 16 0 CVE-2006 19 0 CVE-2007 64 0 CVE-2008 76 0 CVE-2009 46 0 CVE-2010 140 0 CVE-2011 92 0 CVE-2012 146 0 CVE-2013 169 0 CVE-2014 428 0 CVE-2015 531 0 CVE-2016 249 0 CVE-2017 427 0 CVE-2018 479 0 CVE-2019 572 0 CVE-2020

References

CWE-352https://github.com/orangelabweb/imagemagick-engine/blob/v.1.7.2/imagemagick-engine.php#L529https://www.exploit-db.com/exploits/51025https://github.com/orangelabweb/imagemagick-engine/blob/1.7.4/imagemagick-engine.php#L529https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2441https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2801283%40imagemagick-engine%2Ftrunk&old=2732430%40imagemagick-engine%2Ftrunk&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/b1f17a83-1df0-44fe-bd86-243cff6ec91b?source=cvehttps://nvd.nist.govhttps://github.com/20142995/nuclei-templates
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook