CVE-2022-0888 - OpenCVE

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ninjaforms	Ninja Forms File Uploads

Configuration 1 [-]

cpe:2.3:a:ninjaforms:ninja_forms_file_uploads:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://gist.github.com/Xib3rR4dAr/5f0accbbfdee279c68ed144da9cd8607
https://www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=cve
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0888

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2022-03-23T19:46:51

Updated: 2024-08-02T23:47:42.076Z

Reserved: 2022-03-08T00:00:00

Link: CVE-2022-0888

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-03-23T20:15:10.470

Modified: 2024-01-11T09:15:42.923

Link: CVE-2022-0888

Redhat

No data.

{"containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-01-11T08:33:08.128Z"}, "affected": [{"vendor": "SaturdayDrive", "product": "Ninja Forms - File Uploads", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "3.3.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=cve"}, {"url": "https://gist.github.com/Xib3rR4dAr/5f0accbbfdee279c68ed144da9cd8607"}, {"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0888"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Zeeshan"}], "timeline": [{"time": "2020-03-20T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:47:42.076Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=cve", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/Xib3rR4dAr/5f0accbbfdee279c68ed144da9cd8607", "tags": ["x_transferred"]}, {"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0888", "tags": ["x_transferred"]}]}]}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2022-0888", "datePublished": "2022-03-23T19:46:51", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-02T23:47:42.076Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ninjaforms:ninja_forms_file_uploads:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FAC42409-3F00-4EBF-BE06-88030A7725F0", "versionEndIncluding": "3.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0"}, {"lang": "es", "value": "El plugin Ninja Forms - File Uploads Extension de WordPress es vulnerable a una carga de archivos arbitrarios debido a la insuficiente comprobaci\u00f3n del tipo de archivo de entrada encontrada en el archivo ~/includes/ajax/controllers/uploads.php que puede ser evitado haciendo posible que atacantes no autenticados carguen archivos maliciosos que pueden ser usados para obtener una ejecuci\u00f3n de c\u00f3digo remota, en versiones hasta la 3.3.0 incluy\u00e9ndola"}], "id": "CVE-2022-0888", "lastModified": "2024-01-11T09:15:42.923", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2022-03-23T20:15:10.470", "references": [{"source": "security@wordfence.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://gist.github.com/Xib3rR4dAr/5f0accbbfdee279c68ed144da9cd8607"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=cve"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0888"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}