Path Traversal in Narnoo Distributor

CVE-2022-0679

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.845 (99.3rd percentile)

Affected products

  • Unknown Narnoo Distributor — versions 2.5.1

Frequently asked questions

What is CVE-2022-0679?
CVE-2022-0679 is a vulnerability in Narnoo Distributor, classified under Path Traversal. Published 2022-03-28.

Is CVE-2022-0679 known to be exploited?
4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.