CVE-2022-2633 - OpenCVE

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Plugins360	All-in-one Video Gallery

Configuration 1 [-]

cpe:2.3:a:plugins360:all-in-one_video_gallery:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/public/video.php#L227
https://plugins.trac.wordpress.org/changeset/2768384/all-in-one-video-gallery/trunk/public/video.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2744708%40all-in-one-video-gallery&new=2744708%40all-in-one-video-gallery&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/83b0534e-1b8d-46a8-9698-e7ca73e5ab57?source=cve
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2633

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2022-09-06T17:18:59

Updated: 2024-08-03T00:46:03.415Z

Reserved: 2022-08-02T00:00:00

Link: CVE-2022-2633

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-06T18:15:14.503

Modified: 2024-01-11T09:15:45.340

Link: CVE-2022-2633

Redhat

No data.

{"containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-01-11T08:32:43.003Z"}, "affected": [{"vendor": "plugins360", "product": "All-in-One Video Gallery", "versions": [{"version": "2.5.8", "status": "affected", "lessThanOrEqual": "2.6.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83b0534e-1b8d-46a8-9698-e7ca73e5ab57?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/public/video.php#L227"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2744708%40all-in-one-video-gallery&new=2744708%40all-in-one-video-gallery&sfp_email=&sfph_mail="}, {"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2633"}, {"url": "https://plugins.trac.wordpress.org/changeset/2768384/all-in-one-video-gallery/trunk/public/video.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Gabriele Zuddas"}], "timeline": [{"time": "2022-08-08T00:00:00.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2022-08-17T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:03.415Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83b0534e-1b8d-46a8-9698-e7ca73e5ab57?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/public/video.php#L227", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2744708%40all-in-one-video-gallery&new=2744708%40all-in-one-video-gallery&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}, {"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2633", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2768384/all-in-one-video-gallery/trunk/public/video.php", "tags": ["x_transferred"]}]}]}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2022-2633", "datePublished": "2022-09-06T17:18:59", "dateReserved": "2022-08-02T00:00:00", "dateUpdated": "2024-08-03T00:46:03.415Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plugins360:all-in-one_video_gallery:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "366D1EF1-5A0A-47E6-9DB1-8F5D69FB8172", "versionEndIncluding": "2.6.0", "versionStartIncluding": "2.5.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server."}, {"lang": "es", "value": "El plugin All-in-One Video Gallery para WordPress es vulnerable a la descarga de archivos arbitrarios y un ataque de tipo server-side request forgery ciego por medio del par\u00e1metro \"dl\" que es encontrado en el archivo ~/public/video.php en versiones hasta 2.6.0 incluy\u00e9ndola. Esto hace posible a usuarios no autenticados descargar archivos confidenciales alojados en el servidor afectado y falsifiquen peticiones al servidor."}], "id": "CVE-2022-2633", "lastModified": "2024-01-11T09:15:45.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2022-09-06T18:15:14.503", "references": [{"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/public/video.php#L227"}, {"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2768384/all-in-one-video-gallery/trunk/public/video.php"}, {"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2744708%40all-in-one-video-gallery&new=2744708%40all-in-one-video-gallery&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83b0534e-1b8d-46a8-9698-e7ca73e5ab57?source=cve"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2633"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-610"}], "source": "nvd@nist.gov", "type": "Primary"}]}