In the realm of WordPress plugins, a severe security vulnerability has been unveiled. A comprehensive testing process revealed a critical flaw within the Advanced File Manager plugin, specifically versions up to 5.1.1. This vulnerability exposes a significant security lapse that can potentially allow unauthorized access to files and folders through Path Traversal techniques.

Main info:

CVE: CVE-2023-3814
Plugin: Advanced File Manager
Critical: High
Publicly Published: August 14, 2023
Last Updated: August 14, 2023
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A5: Broken Access Control
PoC: Yes
Exploit: Will be later
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3814
Reference: https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339

Timeline

July 13, 2023: Plugin testing and vulnerability detection in the Advanced File Manager plugin have been completed
July 13, 2023: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
August 9, 2023: The author has released a fix update
August 14, 2023: Registered CVE-2023-3814

Discovery of the Vulnerability

During testing, it was discovered that the root folder the plugin reads and displays to the user can be changed. Plugins of this kind usually prevent leaving the /var/www/html directory, but in this plugin the root folder can be set to any operating system directory, such as /home. The same can be done with Path Traversal, for example /var/www/html/../../../etc or /home, and so on.

Understanding Path Traversal attacks

Path Traversal is a hacking technique that involves manipulating file paths to access files and directories beyond the intended scope. Hackers can exploit this vulnerability to break out of the restricted directory and gain access to sensitive files and directories residing in other parts of the system. Reference: Path Traversal, OWASP TOP-10.

Exploiting the Path Traversal vulnerability

Exploiting this Path Traversal vulnerability within the Advanced File Manager plugin could empower attackers to change the root folder, allowing them to view, access, and potentially download files from locations that are off-limits under normal circumstances.

POC:

1. Go to the settings page (/wordpress/wp-admin/admin.php?page=file_manager_advanced_controls)

2. In the “Public Root Path” setting, change the directory to /home, or use Path Traversal: /var/www/html/../../../home or /var/www/html/wordpress/../../../../etc

3. Then navigate to the plugin page (/wordpress/wp-admin/admin.php?page=file_manager_advanced_ui#elf_l1_Lw)

4. You will be able to list the files/folders outside of the WordPress root directory

Potential Risks and Real-World Impact

The Path Traversal vulnerability within the Advanced File Manager plugin introduces grave risks and potential scenarios:

  1. Data Exposure:
    Attackers can access and potentially download sensitive files containing confidential information, jeopardizing data privacy and integrity.
  2. Malicious Code Injection into OS folders:
    By manipulating file paths, hackers may insert malicious code into system files, leading to the compromise of the entire website.
  3. Escalation of Privileges:
    Exploiting this vulnerability could provide attackers with unauthorized administrative access, leading to unauthorized control and manipulation of the WordPress environment.

Recommendations for Improved Security

To fortify your WordPress website against the CVE-2023-3814 vulnerability and enhance overall security, consider implementing the following preventive measures:

  • Immediate Plugin Update:
    Upgrade to Advanced File Manager plugin version 5.1.2 or higher. This update addresses the Path Traversal vulnerability and strengthens security.
  • Input Validation:
    Developers should incorporate robust input validation mechanisms to ensure that user-provided data is sanitized and restricted to authorized directories.
  • Regular Security Audits:
    Conduct regular security assessments and penetration tests on WordPress installations to identify and remediate potential vulnerabilities proactively.
  • User Awareness:
    Educate administrators about the risks of clicking on unknown links or visiting suspicious websites, emphasizing the importance of vigilance.
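
The containment check that the Input Validation recommendation calls for, as an added example (not the plugin's own code or its actual fix): the supplied root is canonicalized and accepted only if it stays under an allowed base directory. The function names fma_resolve() and fma_root_is_allowed() and the sample paths are assumptions made for illustration.

```php
<?php
// Added example; fma_resolve() and fma_root_is_allowed() are hypothetical
// names, not functions from the Advanced File Manager plugin.

/** Canonicalize an absolute POSIX path; null if it cannot be trusted. */
function fma_resolve(string $path): ?string
{
    if ($path === '' || $path[0] !== '/' || strpos($path, "\0") !== false) {
        return null; // relative paths and NUL bytes are rejected outright
    }
    $real = realpath($path); // resolves "..", "." and symlinks if it exists
    if ($real !== false) {
        return $real;
    }
    // Path does not exist on this host: collapse "." and ".." lexically.
    // A stricter policy would reject non-existent roots at this point.
    $stack = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '..') {
            array_pop($stack); // popping at "/" is a no-op
        } elseif ($segment !== '' && $segment !== '.') {
            $stack[] = $segment;
        }
    }
    return '/' . implode('/', $stack);
}

/** True only if $candidate is $base itself or a path below it. */
function fma_root_is_allowed(string $candidate, string $base): bool
{
    $base = fma_resolve($base);
    $resolved = fma_resolve($candidate);
    if ($base === null || $resolved === null) {
        return false;
    }
    $base = rtrim($base, '/');
    // Trailing slash: "/var/www/html-backup" is not under "/var/www/html".
    return $resolved === $base
        || strncmp($resolved, $base . '/', strlen($base) + 1) === 0;
}

// Constructed sample inputs; $base stands in for the WordPress root.
$base = '/var/www/html';
$samples = ['/var/www/html/wp-content/uploads', '/home',
            '/var/www/html/../../../etc', '/var/www/html-backup'];
foreach ($samples as $candidate) {
    $verdict = fma_root_is_allowed($candidate, $base) ? 'allow' : 'reject';
    printf("%-36s %s\n", $candidate, $verdict);
}
```

The check belongs where the setting is saved and again where the file manager opens its root, so that a value already stored before the update is also rejected.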

By addressing the Path Traversal vulnerability within the Advanced File Manager plugin and adhering to these security recommendations, you can safeguard your WordPress website from unauthorized file and folder access, mitigating potential breaches and preserving the confidentiality of your data.


Dmitrii i.


CVE-2023-3814 – Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access via Path Traversal
