Security for everyone

CVE-2022-0679 Scanner

Detects 'Local File Inclusion' vulnerability in Narnoo Distributor plugin for Wordpress affects v. through 2.5.1.

SCAN NOW

Short Info


Level

Critical

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2022-0679 Scanner Detail

The Narnoo Distributor WordPress plugin is a tool designed for entrepreneurs and travel agencies seeking to add travel services to their website. By implementing this plugin, website developers can gain access to a range of travel content, such as videos and images, as well as make bookings for tours and transportation.

Despite its inherent usefulness, the Narnoo Distributor WordPress plugin also has a significant security flaw that has been identified as CVE-2022-0679. This vulnerability causes an unvalidated and unsanitized 'lib_path' parameter to be used in a call to require(), resulting in a potential disclosure of arbitrary files. Ultimately, the content of the file can be displayed in response to the JSON data, which poses a significant risk to website security.

This vulnerability can lead to a range of nefarious activities, including arbitrary file disclosure and, potentially, remote code execution (RCE). The potential impact of such attacks can be severe, especially if the underlying system is improperly configured. As a result, it is essential to address this vulnerability as soon as possible.

Thanks to cutting-edge security features, the SecurityForEveryone.com platform enables users to receive timely notifications regarding potential vulnerabilities and any updates or patches needed to combat them. By emphasizing this point, business owners, web developers, and various IT professionals can quickly and conveniently stay on top of their digital assets' safety.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture