CVE-2017-17058 – WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2017-17058
** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code.
• https://www.exploit-db.com/exploits/43196
• https://github.com/fu2x2000/CVE-2017-17058-woo_exploit
• https://github.com/woocommerce/woocommerce/issues/17964
• https://www.exploit-db.com/ghdb/4613
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-18356 – WooCommerce <= 3.2.3 - Authenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2017-18356
In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection involving the includes/shortcodes/class-wc-shortcode-products.php WC_Shortcode_Products::get_products() use of cached queries within shortcodes.
• https://blog.ripstech.com/2018/woocommerce-php-object-injection
• https://woocommerce.wordpress.com/2017/11/16/woocommerce-3-2-4-security-fix-release-notes
• CWE-94: Improper Control of Generation of Code ('Code Injection')