CVE-2022-50954

MEDIUM

WordPress Plugin cab-fare-calculator 1.0.3 Local File Inclusion

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50954. PoCs published by Hassan Khan Yusufzai.

AI-analyzed exploit summary: This exploit demonstrates a Local File Inclusion (LFI) vulnerability in the WordPress plugin 'cab-fare-calculator' version 1.0.3. The vulnerability arises from unsanitized user input in the 'controller' parameter, allowing arbitrary file inclusion and potential code execution.

Description

WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to include arbitrary files outside the intended controllers directory.
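For detection, the behaviour described above can be hunted in web server access logs. The following is an added example, not code from the plugin or from the advisory: it flags requests to tblight.php whose controller value is not a plain identifier after repeated URL decoding. The log lines are constructed, `/PLUGIN_PATH/` is a placeholder for the install path, and the rule that legitimate controller names are simple identifiers (such as the hypothetical `booking`) is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (combined log format); not real traffic.
# "/PLUGIN_PATH/" is a placeholder: the page names only the file tblight.php.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2026:10:00:01 +0000] '
    '"GET /PLUGIN_PATH/tblight.php?controller=booking HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/May/2026:10:00:02 +0000] '
    '"GET /PLUGIN_PATH/tblight.php?controller=../../../example HTTP/1.1" 200 90',
    '198.51.100.8 - - [10/May/2026:10:00:03 +0000] '
    '"GET /PLUGIN_PATH/tblight.php?controller=..%252f..%252fexample HTTP/1.1" 200 90',
    '203.0.113.9 - - [10/May/2026:10:00:04 +0000] '
    '"GET /index.php?controller=../other HTTP/1.1" 404 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate controller name is a simple identifier.
SAFE_NAME_RE = re.compile(r'[A-Za-z0-9_]+')


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252f -> %2f -> /)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_controller(line):
    """Return the decoded controller value if it is not a plain name, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not fully_decode(url.path).lower().endswith("/tblight.php"):
        return None
    # parse_qs performs the first round of percent-decoding itself.
    for raw in parse_qs(url.query).get("controller", []):
        value = fully_decode(raw).replace("\\", "/")
        if not SAFE_NAME_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, decoded_value) for every flagged request."""
    return [(line.split()[0], hit) for line in lines
            if (hit := suspicious_controller(line)) is not None]
```

Because the match is an allowlist on the decoded value rather than a search for `../`, it also flags null bytes, backslashes and doubly encoded separators.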

Exploits (1)

exploitdb WORKING POC
by Hassan Khan Yusufzai · text · webapps · php
https://www.exploit-db.com/exploits/50843

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin cab-fare-calculator 1.0.3
No auth needed
Prerequisites: WordPress installation with vulnerable plugin · Access to the plugin's tblight.php file
devstral-2 · analyzed May 10, 2026

References (3)

Core References
Exploit: ExploitDB-50843
https://www.exploit-db.com/exploits/50843
Product: Official Product Homepage
https://wordpress.org/plugins/cab-fare-calculator/
Third Party Advisory: VulnCheck Advisory: WordPress Plugin cab-fare-calculator 1.0.3 Local File Inclusion
https://www.vulncheck.com/advisories/wordpress-plugin-cab-fare-calculator-local-file-inclusion

Scores

CVSS v3: 6.2
EPSS: 0.0039
EPSS Percentile: 30.2%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-98
Status: published
Products (1): cab-fare-calculator/cab-fare-calculator 1.0.3
Published: May 10, 2026
Tracked Since: May 10, 2026