Main Vulnerability Database Vulnerabilities #VU69865

#VU69865 PHP file inclusion in S2W - Import Shopify to WooCommerce - CVE-2022-44634

Published: December 3, 2022 / Updated: December 5, 2022

Vulnerability identifier: #VU69865

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-44634

CWE-ID: CWE-98

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
S2W - Import Shopify to WooCommerce

Software vendor:
VillaTheme

Description

The vulnerability allows a remote user to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files. A remote user can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.

Remediation

Install updates from vendor's website.

External links

https://wordpress.org/plugins/import-shopify-to-woocommerce/#developers
https://patchstack.com/database/vulnerability/import-shopify-to-woocommerce/wordpress-s2w-import-shopify-to-woocommerce-plugin-1-1-12-auth-local-file-inclusion-lfi-vulnerability?_s_id=cve

#VU69865 PHP file inclusion in S2W - Import Shopify to WooCommerce - CVE-2022-44634

Description

Remediation

External links

Please verify you're human