ExploitCVE-2022-4011
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
Published: Nov 16, 2022 / Updated: 24mo ago
010
CVSS 9.8EPSS 0.07%Critical
CVE info copied to clipboard
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213785 was assigned to this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
First Article
Feedly found the first article mentioning CVE-2022-4011. See article
Nov 16, 2022 at 8:08 AM / vuldb.com
EPSS
EPSS Score was set to: 0.07% (Percentile: 28.7%)
Sep 16, 2023 at 7:18 PM
Affected Systems
Simple_history_project/simple_history
+null more
Exploits
https://drive.google.com/file/d/142cPciqIhNbfKhhxIwbrYFTegLvnwin_/view
+null more
Links to Mitre Att&cks
T1562.003: Impair Command History Logging
+null more
Attack Patterns
CAPEC-10: Buffer Overflow via Environment Variables
+null more
News
WordPress Plugins Security Analysis
This code also has a special value “update_db” which, if checked, will update the data in the CSV file instead of creating a new record. One of the useful methods to prevent CSRF vulnerability in the development of WordPress plugins is to use unique tokens.
WordPress Plugins Security Analysis
This code also has a special value “update_db” which, if checked, will update the data in the CSV file instead of creating a new record. One of the useful methods to prevent CSRF vulnerability in the development of WordPress plugins is to use unique tokens.
WordPress Plugins Security Analysis
This code also has a special value “update_db” which, if checked, will update the data in the CSV file instead of creating a new record. One of the useful methods to prevent CSRF vulnerability in the development of WordPress plugins is to use unique tokens.
CVE-2022-4011 Exploit
CVE Id : CVE-2022-4011 Published Date: 2022-11-18T20:25:00+00:00 A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213785 was assigned to this vulnerability. inTheWild added a link to an exploit:
CVE-2022-4011
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The...
See 7 more articles and social media posts