ID:8647 - Exploit for Path traversal in Site Editor - CVE-2018-7422
Published: December 6, 2022
Site Editor
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to insufficient sanitization of user-supplied input passed to the ajax_path parameter, which is processed by editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php. A remote attacker can send a specially crafted request containing malicious input, conduct a directory traversal attack, and access arbitrary files on the system.
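
A log check for the request pattern described above, as an added example that is not part of the original advisory: it flags access-log entries that reach ajax_shortcode_pattern.php with an ajax_path value containing a ".." segment after repeated percent-decoding. The combined log format, the PLUGIN_DIR placeholder, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoint and parameter named in the advisory.
ENDPOINT = "editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"
PARAM = "ajax_path"

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value contains a '..' path segment."""
    path = fully_decode(value).replace("\\", "/")
    return ".." in path.split("/")

def suspicious_requests(log_lines):
    """Return (client_ip, decoded ajax_path) for traversal attempts on ENDPOINT."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(ENDPOINT):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == PARAM and is_traversal(value):
                hits.append((line.split()[0], fully_decode(value)))
    return hits

# Constructed sample log lines; PLUGIN_DIR is a placeholder, not a real path.
_URL = "/PLUGIN_DIR/" + ENDPOINT
_TS = "[06/Dec/2022:10:00:01 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {_TS} "GET {_URL}?ajax_path=..%2F..%2Fexample.txt HTTP/1.1" 200 512',
    f'203.0.113.8 - - {_TS} "GET {_URL}?ajax_path=%252e%252e%252fexample.txt HTTP/1.1" 200 512',
    f'198.51.100.4 - - {_TS} "GET {_URL}?ajax_path=patterns/header.php HTTP/1.1" 200 90',
    f'198.51.100.9 - - {_TS} "GET /index.php?ajax_path=..%2Fexample.txt HTTP/1.1" 404 0',
]
```

Access logs record only the query string, so a value sent in a request body would not be seen by this check.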