CVE-2022-50956
Description
WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to include and read sensitive files accessible to the web server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The WordPress plugin amministrazione-aperta 3.7.3 has an unauthenticated local file read vulnerability: insufficient input validation of the 'open' parameter in dispatcher.php allows reading arbitrary files.
Vulnerability Details
The WordPress plugin amministrazione-aperta version 3.7.3 contains a local file read vulnerability due to insufficient input validation in the open GET parameter within dispatcher.php [2][3]. The vulnerable code directly includes a file path supplied by the user without proper sanitization, allowing path traversal [3].
Exploitation
An unauthenticated attacker can exploit this by sending a crafted request to wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=../../../../etc/passwd or similar path traversal sequences [3]. No authentication is required, and the attack can be performed remotely over HTTP [2].
Impact
Successful exploitation allows reading arbitrary files accessible to the web server, including sensitive configuration files such as wp-config.php, which may contain database credentials and secret keys [2]. This could lead to further compromise of the WordPress installation and underlying server.
Mitigation
Users should update the plugin to a patched version if available. The plugin is developed for Italian public administration and is available on the WordPress plugin repository [1]. As of the advisory, version 3.7.3 is affected; later versions may have addressed the issue [2].
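Until the plugin is updated, requests matching the pattern described under Exploitation can be hunted in web server access logs. The following is an added example, not code from the advisory or the plugin: it assumes Apache/nginx combined log format, the sample log lines are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter name are from the advisory; the log format is an assumption.
DISPATCHER = "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .), bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_open(value):
    """True when the open value contains a '..' segment or is an absolute path."""
    v = fully_decode(value).replace("\\", "/")
    return ".." in v.split("/") or v.startswith("/")

def scan(lines):
    """Return (client, status, decoded open value) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not fully_decode(url.path).lower().endswith(DISPATCHER):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("open", []):
            if suspicious_open(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET ' + DISPATCHER + '?open=../../../../etc/passwd HTTP/1.1" 200 1543 "-" "-"',
    '198.51.100.9 - - [10/Jan/2025:10:02:17 +0000] "GET ' + DISPATCHER + '?open=%252e%252e%2f%252e%252e%2fwp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '192.0.2.44 - - [10/Jan/2025:10:03:40 +0000] "GET ' + DISPATCHER + '?open=example.php HTTP/1.1" 200 812 "-" "-"',
    '192.0.2.45 - - [10/Jan/2025:10:04:02 +0000] "GET /index.php?open=../x HTTP/1.1" 404 162 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A flagged request answered with status 200 should be treated as a possible disclosure of the file named in the decoded open value.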
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: = 3.7.3
Patches
No patches discovered yet.
References (3)
News mentions
No linked articles in our index yet.