During a comprehensive assessment of the Quttera Web Malware Scanner plugin, a significant vulnerability was identified. This flaw allows unauthorized access to detailed scan logs, revealing sensitive information such as local paths and portions of code. The discovery was made through a systematic examination of the plugin’s functionalities.
Main info:
CVE | CVE-2023-6065 |
Plugin | Quttera Web Malware Scanner |
Critical | High |
All Time | 3 015 871 |
Active installations | 10,000+ |
Publicly Published | November 22, 2023 |
Last Updated | November 22, 2023 |
Researcher | Dmitrii Ignatyev |
OWASP TOP-10 | A1: Injection |
PoC | Yes |
Exploit | Will be later |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6065 |
Reference | https://wpscan.com/vulnerability/64f2557f-c5e4-4779-9e28-911dfaf2dda5/ |
Plugin Security Certification by CleanTalk | |
Timeline
November 8, 2023 | Plugin testing and vulnerability detection in the Quttera Web Malware Scanner plugin have been completed |
November 8, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
November 20, 2023 | The author fixed the vulnerability and released the plugin update |
November 22, 2023 | Registered CVE-2023-6065 |
Discovery of the Vulnerability
While testing the plugin, a vulnerability was found that allows anyone to view the detailed scan logs and the scan summary, which disclose local file paths and fragments of the scanned code.
Understanding the Directory Listing to Sensitive Data Exposure Attack
Exploiting this vulnerability involves requesting URLs that expose sensitive files stored in the plugin's web-accessible directory. Attackers can manually navigate to the locations that hold the scan logs and download files that disclose local paths and code snippets. This information could be leveraged for further attacks, including identifying additional vulnerabilities in the system.
Exploiting the Directory Listing to Sensitive Data Exposure Vulnerability
The potential risks associated with Directory Listing to Sensitive Data Exposure are severe. An attacker gaining access to detailed scan logs can exploit the disclosed information to understand the system’s structure, identify vulnerabilities, and potentially launch more targeted attacks.
In real-world scenarios, this vulnerability could lead to unauthorized disclosure of sensitive data, exposing critical information about the WordPress environment and facilitating subsequent attacks.
PoC:
http://your_site/wordpress/wp-content/plugins/quttera-web-malware-scanner/runtime.log
http://your_site/wordpress/wp-content/plugins/quttera-web-malware-scanner/quttera_wp_report.txt
Recommendations for Improved Security
To mitigate the risks associated with this vulnerability, consider the following recommendations:
- Update the Plugin: Ensure that the Quttera Web Malware Scanner plugin is updated to the latest version; as noted in the timeline, the author released a fix for this vulnerability on November 20, 2023.
- Implement Access Controls: Restrict access to sensitive directories by configuring proper access controls. Only authorized users should be able to access and download scan logs.
- Regular Security Audits: Conduct regular security audits of WordPress plugins, themes, and core files to identify and address potential vulnerabilities.
- Follow Principle of Least Privilege: Limit permissions and access rights to the minimum necessary for proper functionality.
By taking these measures, the risk of exploitation of this vulnerability can be significantly reduced, enhancing the overall security posture of the WordPress environment.
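As an added example (not code from the advisory or from the plugin), the following Python audit checks a WordPress root for the two files named in the PoC above and emits Apache and nginx deny rules for them, which is one concrete way to apply the "Implement Access Controls" recommendation at the web-server layer. The plugin path and file names come from the PoC URLs; the rule syntax, the helper names and the constructed demo tree are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# Plugin directory and file names taken from the PoC URLs in this advisory.
PLUGIN_DIR = Path("wp-content/plugins/quttera-web-malware-scanner")
EXPOSED_FILES = ("runtime.log", "quttera_wp_report.txt")


def find_exposed_files(wp_root):
    """Return the PoC files that exist under wp_root (paths relative to it).

    Anything returned sits inside the web root, so without a server-side
    deny rule it is served to whoever requests its URL."""
    root = Path(wp_root)
    candidates = (root / PLUGIN_DIR / name for name in EXPOSED_FILES)
    return [p.relative_to(root).as_posix() for p in candidates if p.is_file()]


def _alternation(filenames):
    # Regex-escape each name so "." matches a literal dot in both rule syntaxes.
    return "|".join(re.escape(n) for n in filenames)


def apache_deny_rules(filenames=EXPOSED_FILES):
    """Apache 2.4 .htaccess fragment to drop into the plugin directory."""
    return (f'<FilesMatch "^({_alternation(filenames)})$">\n'
            "    Require all denied\n"
            "</FilesMatch>\n")


def nginx_deny_rules(filenames=EXPOSED_FILES):
    """nginx server{} fragment; nginx ignores .htaccess, so use this instead."""
    return (f"location ~ /{PLUGIN_DIR.name}/({_alternation(filenames)})$ {{\n"
            "    deny all;\n"
            "}\n")


def demo():
    """Constructed sample: a throwaway WordPress root holding only runtime.log,
    so the audit should flag exactly that one file."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp) / PLUGIN_DIR
        plugin.mkdir(parents=True)
        (plugin / "runtime.log").write_text("constructed sample log line\n")
        return find_exposed_files(tmp)


if __name__ == "__main__":
    for rel in demo():
        print("exposed:", rel)
    print(apache_deny_rules())
    print(nginx_deny_rules())
```

Point `find_exposed_files` at a real WordPress root to see which of the PoC files are present; after deploying a rule, confirm the PoC URLs answer with 403 instead of the file contents.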
DMITRII I.