During routine security testing of the Quttera Web Malware Scanner plugin, a critical vulnerability known as Path Traversal was identified. This flaw permits the unauthorized retrieval of files from locations outside the designated WordPress directory. The issue was discovered through a meticulous examination of the plugin’s functionalities.

Main info:

CVE: CVE-2023-6222
Plugin: Quttera Web Malware Scanner
Critical: High
All Time: 3 015 871
Active installations: 10,000+
Publicly Published: November 22, 2023
Last Updated: November 22, 2023
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A1: Injection
PoC: Yes
Exploit: Will be later
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6222
Reference: https://wpscan.com/vulnerability/df892e99-c0f6-42b8-a834-fc55d1bde130/
Plugin Security Certification by CleanTalk

Timeline

November 8, 2023: Plugin testing and vulnerability detection in the Quttera Web Malware Scanner plugin have been completed
November 8, 2023: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
November 20, 2023: The author fixed the vulnerability and released the plugin update
November 22, 2023: Registered CVE-2023-6222

Discovery of the Vulnerability

In the process of testing the plugin, a Path Traversal vulnerability was found that allows downloading files located outside the WordPress folder, bypassing the plugin's directory restrictions and its main logic.

Understanding Path Traversal attacks

Path Traversal is a type of vulnerability that allows an attacker to access files or directories that are outside the intended scope of the application. In the context of WordPress, this means an assailant could maneuver through directories to fetch sensitive files that should remain inaccessible.

In the case of Quttera Web Malware Scanner, the vulnerability allows an attacker to bypass the established plugin directories and logic, thereby gaining access to files located outside the WordPress folder. This could include critical system files or other sensitive information.

Exploiting the Path Traversal Vulnerability

Exploiting Path Traversal involves manipulating file paths to access directories and files that should be restricted. In the context of Quttera Web Malware Scanner, an attacker could craft requests that navigate beyond the WordPress directory, ultimately allowing the download of files from unauthorized locations.

A potential exploit might involve injecting payloads like “../../../../../etc/passwd” into requests, effectively tricking the plugin into retrieving and providing access to sensitive files.

POC:

1) Go to http://your_site/wordpress/wp-admin/admin.php?page=quttera_wm_scanner_int

2) Click “Scan Now”

3) Click “Detected Threats”

4) Navigate to some Suspicious file and click “Show File”

5) Change FILE_PATH to ../../../../../../../../etc/passwd

___

The potential risks associated with this Path Traversal vulnerability are severe. An attacker could access critical system files, configuration files, or any other data located outside the WordPress directory. This could lead to a complete compromise of the affected system, data breaches, and unauthorized access.

In real-world scenarios, an exploit of this vulnerability could result in the unauthorized retrieval of database credentials, compromising user data, and potentially enabling a broader attack on the hosting environment.

Recommendations for Improved Security

To mitigate the risks associated with this vulnerability, immediate action should be taken:

  • Update the Plugin: Check for the latest version of Quttera Web Malware Scanner and update to it promptly, as the vendor may have released a patch addressing this vulnerability.
  • Implement Web Application Firewall (WAF): Utilize a WAF to filter and monitor HTTP traffic between a web application and the Internet, providing an additional layer of security.
  • Regular Security Audits: Conduct regular security audits of WordPress plugins, themes, and core files to identify and address potential vulnerabilities.
  • Follow Least Privilege Principle: Restrict permissions and access rights to the minimum necessary for proper functionality.
  • Update to the Latest Version: Ensure the plugin is updated to the latest version (3.4.2.1 or later, per the advisory title) to benefit from security patches.

By promptly addressing this vulnerability and implementing the recommended security measures, the risk of exploitation can be significantly reduced, ensuring the continued integrity of the WordPress environment.
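As an added illustration that is not the plugin's code, the PHP below places the unsafe handler shape behind the PoC (a FILE_PATH parameter reaching the filesystem unchanged) beside a hardened one that canonicalises the path and confirms it stays inside the WordPress directory. The WordPress functions used (ABSPATH, current_user_can, check_admin_referer, wp_unslash, esc_html, wp_die) are core; the function names, the nonce action name and the manage_options capability are assumptions.

```php
<?php
// Added example, not the plugin's code. Assumes WordPress is loaded.

// Vulnerable shape: the request value is used as-is, so a value such as
// "../../../../etc/passwd" (from the PoC) escapes the WordPress directory.
function show_file_vulnerable(): void {
    $path = $_GET['FILE_PATH'];
    echo '<pre>' . htmlspecialchars(file_get_contents($path)) . '</pre>';
}

// Canonicalise $user_path and return it only if it is a regular file inside
// $base_dir; return null otherwise. realpath() collapses ".." segments and
// symlinks, and returns false for paths that do not exist.
function resolve_inside_base(string $base_dir, string $user_path): ?string {
    $base = realpath($base_dir);
    if ($base === false || $user_path === '') {
        return null;
    }
    // Relative values are interpreted relative to the base directory, not the
    // process working directory; absolute values are checked as given.
    $candidate = ($user_path[0] === '/')
        ? $user_path
        : $base . DIRECTORY_SEPARATOR . $user_path;
    $real = realpath($candidate);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare against the base with a trailing separator so that a sibling
    // directory such as "/var/www/wordpress-old" is not accepted for
    // base "/var/www/wordpress".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return (strncmp($real, $prefix, strlen($prefix)) === 0) ? $real : null;
}

// Hardened handler: capability check, nonce check, then containment check.
// Note that containment to ABSPATH still allows reading wp-config.php; a
// tighter base (e.g. the scanner's own report directory) is preferable.
function show_file_hardened(): void {
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions', '', array('response' => 403));
    }
    check_admin_referer('quttera_show_file'); // action name is an assumption
    $requested = isset($_GET['FILE_PATH']) ? wp_unslash($_GET['FILE_PATH']) : '';
    $file = resolve_inside_base(ABSPATH, $requested);
    if ($file === null) {
        wp_die('Invalid file path', '', array('response' => 400));
    }
    echo '<pre>' . esc_html(file_get_contents($file)) . '</pre>';
}
```

With this check in place, the PoC value from step 5 resolves to /etc/passwd, which does not start with the canonical ABSPATH, so the handler returns a 400 instead of the file.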



DMITRII I.
CVE-2023-6222 – Quttera Web Malware Scanner < 3.4.2.1 - Path Traversal - POC
