What is CVE-2022-1392?

CVE-2022-1392 is a vulnerability in Videos Sync Pdf, classified under Path Traversal. Published 2022-04-25.

Is CVE-2022-1392 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Videos Sync Pdf

CVE-2022-1392

The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.509 (97.9th percentile) — read the EPSS interpretation.

Affected products

Unknown Videos Sync Pdf — versions 1.7.4

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

wpscan.com/vulnerability/fe3da8c1-ae21-4b70-b3f5-a7d014aa3815 (x_refsource_MISC)
packetstormsecurity.com/files/166534/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-1392?: CVE-2022-1392 is a vulnerability in Videos Sync Pdf, classified under Path Traversal. Published 2022-04-25.
Is CVE-2022-1392 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.