Site icon CleanTalk's blog

CVE-2023-3814 – Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access via Path Traversal

In the realm of WordPress plugins, a severe security vulnerability has been unveiled. A comprehensive testing process revealed a critical flaw within the Advanced File Manager plugin, specifically versions up to 5.1.1. This vulnerability exposes a significant security lapse that can potentially allow unauthorized access to files and folders through Path Traversal techniques.

Main info:

CVECVE-2023-3814
PluginAdvanced File Manager
CriticalHigh
Publicly PublishedAugust 14, 2023
Last UpdatedAugust 14, 2023
ResearcherDmtirii Ignatyev
OWASP TOP-10A5: Broken Access Control
PoCYes
ExploitWill be later
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3814
https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339
Plugin Security Certification by CleanTalk

Timeline

July 13, 2023Plugin testing and vulnerability detection in the Advanced File Manager plugin have been completed
July 13, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
August 9, 2023The author has released a fix update
August 14, 2023Registered CVE-2023-3814

Discovery of the Vulnerability

During testing, it was discovered that it is possible to change the root folder that the plugin will read and show information to the user. Usually in such plugins there is a restriction on exiting the /var/www/html directory, but in this plugin the root folder can be changed to any operating system directory like /home. And you can also perform the same actions using Path Traversal /var/www/html/../../../etc or /home and so on

Understanding of Path Traversal attack’s

Path Traversal is a hacking technique that involves manipulating file paths to access files and directories beyond the intended scope. Hackers can exploit this vulnerability to break out of the restricted directory and gain access to sensitive files and directories residing in other parts of the system. Path Traversal OWASP TOP-10

Exploiting the Path Traversal vulnerability

Exploiting this Path Traversal vulnerability within the Advanced File Manager plugin could empower attackers to change the root folder, allowing them to view, access, and potentially download files from locations that are off-limits under normal circumstances.

POC:

1. Go to settings page (/wordpress/wp-admin/admin.php?page=file_manager_advanced_controls)

2. In the “Public Root Path” setting, change directory to /home or you can use Path Traversal /var/www/html/../../../home or /var/www/html/wordpress/../../../../etc

3. Then navigate to the page of plugin (/wordpress/wp-admin/admin.php?page=file_manager_advanced_ui#elf_l1_Lw)

4. You will be able to list the files/folders outside of WordPress root directory

Potential Risks and Real-World Impact

The Path Traversal vulnerability within the Advanced File Manager plugin introduces grave risks and potential scenarios:

  1. Data Exposure:
    Attackers can access and potentially download sensitive files containing confidential information, jeopardizing data privacy and integrity.
  2. Malicious Code Injection to OS folder’s:
    By manipulating file paths, hackers may insert malicious code into system files, leading to the compromise of the entire website.
  3. Escalation of Privileges:
    Exploiting this vulnerability could provide attackers with unauthorized administrative access, leading to unauthorized control and manipulation of the WordPress environment.

Recommendations for Improved Security

To fortify your WordPress website against the CVE-2023-3814 vulnerability and enhance overall security, consider implementing the following preventive measures:

By addressing the Path Traversal vulnerability within the Advanced File Manager plugin and adhering to these security recommendations, you can safeguard your WordPress website from unauthorized file and folder access, mitigating potential breaches and preserving the confidentiality of your data.

#WordPressSecurity #PathTraversalVulnerability #WebsiteSafety #StayProtected

Use CleanTalk solutions to improve the security of your website

Dmitrii i.

If you think your website is infected and you need help, contact us for malware cleanup. Our specialists will provide you with professional assistance in cleaning your website from malware.


Check my website

CVE-2023-3814 – Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access via Path Traversal
Exit mobile version