CVE-2022-3861 - OpenCVE

The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc..

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Muffingroup	Betheme

Configuration 1 [-]

cpe:2.3:a:muffingroup:betheme:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-3861.txt
https://muffingroup.com/betheme/
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3861

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2022-11-21T12:45:46.108Z

Updated: 2024-08-03T01:20:58.787Z

Reserved: 2022-11-04T13:47:00.257Z

Link: CVE-2022-3861

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-21T13:15:10.273

Modified: 2023-11-07T03:51:53.920

Link: CVE-2022-3861

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3861", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc", "dateReserved": "2022-11-04T13:47:00.257Z", "datePublished": "2022-11-21T12:45:46.108Z", "dateUpdated": "2024-08-03T01:20:58.787Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2022-11-21T12:45:46.108Z"}, "affected": [{"vendor": "MuffinGroup", "product": "Betheme", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "26.5.1.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc.."}], "references": [{"url": "https://muffingroup.com/betheme/"}, {"url": "https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-3861.txt"}, {"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3861"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/A:H/I:H/C:H/S:U/UI:N/PR:L/AC:L/AV:N", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Julien Ahrens"}], "timeline": [{"time": "2022-11-18T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:58.787Z"}, "title": "CVE Program Container", "references": [{"url": "https://muffingroup.com/betheme/", "tags": ["x_transferred"]}, {"url": "https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-3861.txt", "tags": ["x_transferred"]}, {"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3861", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:muffingroup:betheme:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2460AF8E-62E7-4E6C-8F9B-5DDC895BE634", "versionEndExcluding": "26.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc.."}, {"lang": "es", "value": "El tema Betheme para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en versiones hasta 26.5.1.4 inclusive a trav\u00e9s de la deserializaci\u00f3n de entradas no confiables proporcionadas a trav\u00e9s de los par\u00e1metros import, mfn-items-import-page y mfn-items-import pasados ??a trav\u00e9s del funciones mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage e importfromclipboard. Esto hace posible que atacantes autenticados, con permisos de nivel de colaborador y superiores, inyecten un objeto PHP. La presencia adicional de una cadena POP permitir\u00eda a los atacantes ejecutar c\u00f3digo, recuperar datos sensibles, eliminar archivos, etc."}], "id": "CVE-2022-3861", "lastModified": "2023-11-07T03:51:53.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2022-11-21T13:15:10.273", "references": [{"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-3861.txt"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://muffingroup.com/betheme/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3861"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}