CVE-2022-50954

Published: Mag 10, 2026 Last Modified: Mag 10, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,9

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 6,2

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to include and execute files outside the intended controllers directory.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: PHP

Technologies: Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

https://wordpress.org/plugins/cab-fare-calculator/

https://www.exploit-db.com/exploits/50843

https://www.vulncheck.com/advisories/wordpress-plugin-cab-f…

https://www.vulncheck.com/advisories/wordpress-plugin-cab-fare-calculator-local…

CVE-2022-50954

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter