CVE-2022-4302
Published on: Not Yet Published
Last Modified on: 11/07/2023 03:57:00 AM UTC
Certain versions of White Label Cms from Videousermanuals contain the following vulnerability:
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
- CVE-2022-4302 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software: Unknown - White Label CMS version = 0
CVSS3 Score: 7.2 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | HIGH | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
White Label CMS < 2.5 - Admin+ PHP Object Injection WordPress Security Vulnerability | web.archive.org text/html Inactive LinkNot Archived | MISC wpscan.com/vulnerability/b7707a15-0987-4051-a8ac-7be2424bcb01 |
There are currently no QIDs associated with this CVE
Exploit/POC from Github
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow …
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Videousermanuals | White Label Cms | All | All | All | All |
- cpe:2.3:a:videousermanuals:white_label_cms:*:*:*:*:*:wordpress:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
@CVEreport | CVE-2022-4302 : The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings,… twitter.com/i/web/status/1… | 2023-01-02 22:13:00 |
/r/netcve | CVE-2022-4302 | 2023-01-02 23:38:49 |