CVE-2022-47615 — AI Deep Analysis Summary

🚨 **Essence**: Unauthenticated Local File Inclusion (LFI) in LearnPress.…

🛡️ **Root Cause**: Missing input validation on REST API parameters (`lp/v1/courses/archive-course`). <br>⚠️ **Flaw**: User-controlled input is directly passed to PHP `include` statements without sanitization. ❌

🏢 **Vendor**: ThimPress. <br>📦 **Product**: LearnPress – WordPress LMS Plugin. <br>📅 **Affected**: Versions **4.1.7.3.2 and earlier**. ⚠️

🕵️ **Privileges**: Unauthenticated access (No login needed!). <br>📂 **Data**: Read arbitrary local files. <br>🔓 **Impact**: High Confidentiality, Low Integrity, No Availability impact (CVSS 3.1). 🔑

📉 **Threshold**: **LOW**. <br>🔓 **Auth**: None required (Unauthenticated). <br>🌐 **Network**: Remote (AV:N). <br>🎯 **Complexity**: Low (AC:L). Easy to exploit! 🚀

🔥 **Public Exp**: **YES**. <br>📜 **PoC**: Available on GitHub (RandomRobbieBF) and Nuclei templates. <br>💻 **Usage**: Simple Python script to fetch `/etc/passwd`. 🐍

🔍 **Self-Check**: Scan for `lp/v1/courses/archive-course` endpoint. <br>🧪 **Test**: Inject `../../../etc/passwd` into parameters. <br>📡 **Tool**: Use Nuclei template `CVE-2022-47615.yaml`. 🛠️

🩹 **Fix**: Upgrade to version **4.2.0 or later**. <br>📢 **Source**: Patchstack and vendor release notes confirm the fix. ✅

🚧 **No Patch?**: Disable REST API endpoints if possible. <br>🛡️ **WAF**: Block requests containing `../../../` in `lp/v1/courses` paths. <br>🔒 **Access Control**: Restrict plugin access via IP whitelist. 🚫

🚨 **Priority**: **HIGH**. <br>⚡ **Urgency**: Critical due to unauthenticated nature + public PoC. <br>🏃 **Action**: Patch immediately! Do not wait. ⏳