CVE-2022-4063
Description
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
NVD
Severity: CRITICAL
CVE ID: CVE-2022-4063
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2022-4063
Reference: Project Discovery GitHub
im-hanzou
Automatic Mass Tool for checking vulnerability in CVE-2022-4063 - InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
Reference: GitHub
Content on GitHub
mbadanoiu | watchers:2
CVE-2022-40635
CVE-2022-40635: Groovy Sandbox Bypass in CrafterCMS
Reference: GitHub
mbadanoiu | watchers:0
CVE-2022-40634
CVE-2022-40634: FreeMarker Server-Side Template Injection in CrafterCMS
Reference: GitHub