CVE-2022-1119 — AI Deep Analysis Summary

🚨 **Essence**: Path Traversal / Arbitrary File Read. The `eeFile` parameter in `ee-downloader.php` lacks input validation.…

🛡️ **CWE-22**: Improper Limitation of a Pathname to a Restricted Directory. 💥 **Flaw**: Missing controls/filtering on the `eeFile` parameter allows directory traversal sequences (e.g., `../`).

📦 **Product**: WordPress Plugin 'The Simple File List'. 👤 **Vendor**: eemitch. 📅 **Affected**: Version 3.2.7 and earlier. ✅ **Safe**: Version 3.2.8+.

🕵️ **Action**: Unauthenticated attackers can retrieve arbitrary files. 📂 **Data**: Server-side files (config, source code, etc.). 🔓 **Privileges**: No login required (PR:N).

⚡ **Threshold**: LOW. 🚫 **Auth**: None required (Unauthenticated). 🌐 **Network**: Remote (AV:N). 🎯 **Complexity**: Low (AC:L). Easy to exploit.

🔥 **Yes**: Public PoCs exist. 📂 **GitHub**: `z92g/CVE-2022-1119` (Batch/Single scan tool). 🧪 **Nuclei**: Template available for automated scanning.

🔍 **Check**: Request `~/includes/ee-downloader.php` with `eeFile` parameter containing `../`. 📡 **Scan**: Use Nuclei templates or the provided Python PoC script to detect vulnerable instances.

🛠️ **Fix**: Upgrade to **Simple File List version 3.2.8** or later. 🔄 **Action**: Update the plugin via WordPress dashboard or manually replace files.

🚧 **Workaround**: If patching is delayed, restrict access to `ee-downloader.php` via `.htaccess` or WAF rules. 🚫 **Block**: Deny requests containing `../` in the `eeFile` parameter.

🔴 **Priority**: HIGH. 📢 **Reason**: Unauthenticated, remote, easy to exploit, and public PoCs are available. Immediate patching recommended.