What is CVE-2022-1391?

CVE-2022-1391 is a vulnerability in Cab Fare Calculator, classified under Path Traversal. Published 2022-04-25.

Is CVE-2022-1391 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Cab Fare Calculator

CVE-2022-1391

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.667 (98.6th percentile) — read the EPSS interpretation.

Affected products

Unknown Cab Fare Calculator — versions 1.0.4

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aac (x_refsource_MISC)
packetstormsecurity.com/files/166533/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-1391?: CVE-2022-1391 is a vulnerability in Cab Fare Calculator, classified under Path Traversal. Published 2022-04-25.
Is CVE-2022-1391 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.