CVE-2022-4063

Description

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.

NVD
Severity: CRITICAL
CVE ID: CVE-2022-4063
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2022-4063
im-hanzou

Automatic Mass Tool for checking vulnerability in CVE-2022-4063 - InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE

Reference: GitHub

Content on GitHub

mbadanoiu | watchers:2

CVE-2022-40635
CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS

Reference: GitHub

mbadanoiu | watchers:0

CVE-2022-40634
CVE-2022-40634: FreeMarker Server-Side Template Injection in CrafterCMS

Reference: GitHub