JVNDB-2023-000094

[Japanese]
JVNDB-2023-000094
Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
Overview
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains multiple vulnerabilities listed below. * Unrestricted Upload of File with Dangerous Type (CWE-434) - CVE-2023-40219 * Path Traversal (CWE-22) - CVE-2023-40532 * Cross-site Scripting in registration process of Item List page (CWE-79) - CVE-2023-41233 * Cross-site Scripting in Credit Card Payment Setup page (CWE-79) - CVE-2023-41962 * Cross-site Scripting in Item List page (CWE-79) - CVE-2023-43484 * SQL Injection in Item List page (CWE-89) - CVE-2023-43493 * SQL Injection in Order Data Edit page (CWE-89) - CVE-2023-43610 * Cross-site Scripting in Order Data Edit page (CWE-79) - CVE-2023-43614 CVE-2023-40219 Akihiro Hashimoto reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2023-40532, CVE-2023-41233, CVE-2023-41962, CVE-2023-43484, CVE-2023-43493, CVE-2023-43610, CVE-2023-43614 Shogo Kumamaru of LAC CyberLink Co., Ltd. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 5.4 (Medium) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality Impact: Low Integrity Impact: Low Availability Impact: None CVSS V2 Severity: Base Metrics 5.5 (Medium) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: Single Instance Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None The above CVSS base scores have been assigned for CVE-2023-43610
CVSS V3 Severity: Base Metrics 2.7 (Low) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality Impact: None Integrity Impact: Low Availability Impact: None CVSS V2 Severity: Base Metrics 4.0 (Medium) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None The above CVSS base scores have been assigned for CVE-2023-40219
CVSS V3 Severity: Base Metrics 4.3 (Medium) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality Impact: Low Integrity Impact: None Availability Impact: None CVSS V2 Severity: Base Metrics 4.0 (Medium) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None The above CVSS base scores have been assigned for CVE-2023-40532
CVSS V3 Severity: Base Metrics 6.1 (Medium) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality Impact: Low Integrity Impact: Low Availability Impact: None CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None The above CVSS base scores have been assigned for CVE-2023-41233
CVSS V3 Severity: Base Metrics 6.1 (Medium) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality Impact: Low Integrity Impact: Low Availability Impact: None CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None The above CVSS base scores have been assigned for CVE-2023-41962
CVSS V3 Severity: Base Metrics 6.1 (Medium) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality Impact: Low Integrity Impact: Low Availability Impact: None CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None The above CVSS base scores have been assigned for CVE-2023-43484
CVSS V3 Severity: Base Metrics 6.5 (Medium) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: None Availability Impact: None CVSS V2 Severity: Base Metrics 4.0 (Medium) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None The above CVSS base scores have been assigned for CVE-2023-43493
CVSS V3 Severity: Base Metrics 6.1 (Medium) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality Impact: Low Integrity Impact: Low Availability Impact: None CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None The above CVSS base scores have been assigned for CVE-2023-43614
Affected Products

Collne Inc. Welcart e-Commerce versions 2.7 to 2.8.21

Impact
* A user with editor or higher privilege may upload an arbitrary file to an unauthorized directory - CVE-2023-40219 * A user with author or higher privilege may obtain partial information of the files on the web server - CVE-2023-40532 * An arbitrary script may be executed on a logged-in user's web browser - CVE-2023-41233,CVE-2023-43484,CVE-2023-43614 * When accessing a specially crafted page, an arbitrary script may be injected in Credit Card Payment Setup page - CVE-2023-41962 * A user with author or higher privilege may obtain sensitive information - CVE-2023-43493 * A user with editor (without setting authority) or higher privilege may perform unintended database operations - CVE-2023-43610
Solution
[Update the plugin] Update the plugin according to the information provided by the developer. The developer has released the following version that addresses these vulnerabilities. * Welcart e-Commerce 2.8.22
Vendor Information
Collne Inc. Collne Inc. : Collne Inc. website (in Japanese)
CWE (What is CWE?)
Path Traversal(CWE-22) [IPA Evaluation] Cross-site Scripting(CWE-79) [IPA Evaluation] SQL Injection(CWE-89) [IPA Evaluation] No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)
CVE-2023-40219 CVE-2023-40532 CVE-2023-41233 CVE-2023-41962 CVE-2023-43484 CVE-2023-43493 CVE-2023-43610 CVE-2023-43614
References
JVN : JVN#97197972
Revision History
[2023/09/22] Web page was published


Date Public	2023/09/22
Date First Published	2023/09/22
Date Last Updated	2023/09/22

Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"