During routine security testing of the Quttera Web Malware Scanner plugin, a critical vulnerability known as Path Traversal was identified. This flaw permits the unauthorized retrieval of files from locations outside the designated WordPress directory. The issue was discovered through a meticulous examination of the plugin’s functionalities.
Main info:
CVE | CVE-2023-6222 |
Plugin | Quttera Web Malware Scanner |
Critical | High |
All Time | 3 015 871 |
Active installations | 10,000+ |
Publicly Published | November 22, 2023 |
Last Updated | November 22, 2023 |
Researcher | Dmitrii Ignatyev |
OWASP TOP-10 | A1: Injection |
PoC | Yes |
Exploit | Will be published later |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6222 https://wpscan.com/vulnerability/df892e99-c0f6-42b8-a834-fc55d1bde130/ |
Plugin Security Certification by CleanTalk | |
Timeline
November 8, 2023 | Plugin testing and vulnerability detection in the Quttera Web Malware Scanner plugin have been completed |
November 8, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
November 20, 2023 | The author fixed the vulnerability and released the plugin update |
November 22, 2023 | Registered CVE-2023-6222 |
Discovery of the Vulnerability
During testing of the plugin, a Path Traversal vulnerability was found that allows downloading files located outside the WordPress folder by bypassing the plugin's directory restrictions and its main logic.
Understanding Path Traversal attacks
Path Traversal is a type of vulnerability that allows an attacker to access files or directories that are outside the intended scope of the application. In the context of WordPress, this means an assailant could maneuver through directories to fetch sensitive files that should remain inaccessible.
In the case of Quttera Web Malware Scanner, the vulnerability allows an attacker to bypass the established plugin directories and logic, thereby gaining access to files located outside the WordPress folder. This could include critical system files or other sensitive information.
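The following is an added example, not code from the Quttera plugin or from CleanTalk. It models a generic "show file" handler in plain PHP 8 (no WordPress dependencies, so it runs on its own): first the unsafe pattern the advisory describes, where the user-supplied path is joined to a directory and read without checking where it resolves, then a hardened version that canonicalises the path with realpath() and refuses anything that resolves outside the intended directory. Only the FILE_PATH parameter name comes from the PoC above; the function names, the quarantine directory and the constructed files are assumptions.

```php
<?php
declare(strict_types=1);

// Added example (not the plugin's code). Plain PHP 8, no WordPress dependencies.
// Only the parameter name FILE_PATH is taken from the advisory's PoC; the function
// names and the directory layout below are assumptions for the demonstration.

// Unsafe pattern: the request parameter is joined to the base directory and read
// as-is. Sequences such as "../" are resolved by the filesystem, so the read can
// land on any file the web server's user is allowed to read.
function show_file_unsafe(string $base_dir, string $file_path): ?string
{
    $content = @file_get_contents($base_dir . '/' . $file_path);
    return $content === false ? null : $content;
}

// Hardened pattern: canonicalise with realpath() and require that the result is
// located below the base directory. The trailing separator matters: without it,
// a base of "/var/www/site" would also accept "/var/www/site-backup/...".
function resolve_inside(string $base_dir, string $file_path): ?string
{
    if (str_contains($file_path, "\0")) {
        return null;                       // null bytes can truncate paths in C-level calls
    }
    $base = realpath($base_dir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    $target = realpath($base . DIRECTORY_SEPARATOR . $file_path);
    if ($target === false || !is_file($target)) {
        return null;                       // missing file, or a directory rather than a file
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (!str_starts_with($target, $prefix)) {
        return null;                       // resolved outside the base directory: traversal
    }
    return $target;
}

function show_file_safe(string $base_dir, string $file_path): ?string
{
    $target = resolve_inside($base_dir, $file_path);
    if ($target === null) {
        return null;
    }
    $content = file_get_contents($target);
    return $content === false ? null : $content;
}

// Constructed demo: a scanner "quarantine" directory with one file inside it and
// one sensitive file one level above it (all created in a temporary directory).
$root = sys_get_temp_dir() . '/pt_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/quarantine', 0700, true);
file_put_contents($root . '/quarantine/suspicious.php', "<?php /* flagged sample */\n");
file_put_contents($root . '/wp-config.php', "define('DB_PASSWORD', 'constructed-secret');\n");

$base = $root . '/quarantine';
$cases = ['suspicious.php', '../wp-config.php', '../../../../../../../../etc/passwd'];
foreach ($cases as $file_path) {
    $unsafe = show_file_unsafe($base, $file_path) === null ? 'no read' : 'READ';
    $safe   = show_file_safe($base, $file_path) === null ? 'rejected' : 'read';
    printf("%-40s unsafe: %-8s hardened: %s\n", $file_path, $unsafe, $safe);
}

// Clean up the constructed files.
unlink($root . '/quarantine/suspicious.php');
unlink($root . '/wp-config.php');
rmdir($root . '/quarantine');
rmdir($root);
```

The check is made on the canonical path rather than on the raw input on purpose: filtering the string for "../" misses encoded variants and symlinks, whereas realpath() resolves both before the prefix comparison. In a real plugin the same resolve_inside() check would sit in front of every file read that takes a path from the request, with the list of allowed directories kept to the few the feature actually needs.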
Exploiting the Path Traversal Vulnerability
Exploiting Path Traversal involves manipulating file paths to access directories and files that should be restricted. In the context of Quttera Web Malware Scanner, an attacker could craft requests that navigate beyond the WordPress directory, ultimately allowing the download of files from unauthorized locations.
A potential exploit might involve injecting payloads like “../../../../../etc/passwd” into requests, effectively tricking the plugin into retrieving and providing access to sensitive files.
POC:
1) Go to http://your_site/wordpress/wp-admin/admin.php?page=quttera_wm_scanner_int
2) Click “Scan Now”
3) Click “Detected Threats”
4) Navigate to some Suspicious file and click “Show File”
5) Change FILE_PATH to ../../../../../../../../etc/passwd
___
The potential risks associated with this Path Traversal vulnerability are severe. An attacker could access critical system files, configuration files, or any other data located outside the WordPress directory. This could lead to a complete compromise of the affected system, data breaches, and unauthorized access.
In real-world scenarios, an exploit of this vulnerability could result in the unauthorized retrieval of database credentials, compromising user data, and potentially enabling a broader attack on the hosting environment.
Recommendations for Improved Security
To mitigate the risks associated with this vulnerability, immediate action should be taken:
- Update the Plugin: Check for the latest version of Quttera Web Malware Scanner and update to it promptly, as the vendor may have released a patch addressing this vulnerability.
- Implement Web Application Firewall (WAF): Utilize a WAF to filter and monitor HTTP traffic between a web application and the Internet, providing an additional layer of security.
- Regular Security Audits: Conduct regular security audits of WordPress plugins, themes, and core files to identify and address potential vulnerabilities.
- Follow Least Privilege Principle: Restrict permissions and access rights to the minimum necessary for proper functionality.
- Update to the Latest Version: Ensure the File Manager plugin is updated to the latest version to benefit from security patches.
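As an added example for the WAF and audit recommendations above (not code from the advisory, the plugin or CleanTalk), the following PHP 8 script reviews web server access-log lines and flags requests whose FILE_PATH parameter contains a ".." path segment after URL decoding, including double-encoded forms. The combined log format, the endpoint path and the assumption that FILE_PATH arrives as a query-string parameter are constructed for the demo, as are the sample log lines.

```php
<?php
declare(strict_types=1);

// Added example, not from the advisory or the plugin. A small log-review check a
// WordPress operator could run over access logs to spot traversal attempts against
// a "show file" style endpoint. The combined log format, the endpoint path and the
// FILE_PATH query parameter are assumptions made for this demonstration.

const LOG_PATTERN = '/^(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<target>\S+) [^"]*" (?<status>\d{3}) (?<size>\S+)/';

// Decode repeatedly (bounded) so that double-encoded "%252e%252e%252f" is seen as "../".
function full_decode(string $value, int $max_rounds = 3): string
{
    for ($i = 0; $i < $max_rounds; $i++) {
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            break;
        }
        $value = $decoded;
    }
    return $value;
}

// True when any path segment of the decoded value is ".." (with / or \ as separators).
function has_traversal(string $value): bool
{
    $segments = preg_split('~[\\\\/]+~', full_decode($value));
    return in_array('..', $segments, true);
}

// Returns the suspicious entries as [ip, time, decoded parameter value, status].
function find_traversal_attempts(array $lines, string $param = 'FILE_PATH'): array
{
    $hits = [];
    foreach ($lines as $line) {
        if (!preg_match(LOG_PATTERN, $line, $m)) {
            continue;                       // not a line in the expected format
        }
        $query = parse_url($m['target'], PHP_URL_QUERY);
        if (!is_string($query)) {
            continue;                       // no query string at all
        }
        parse_str($query, $params);         // parse_str applies one round of decoding
        if (!isset($params[$param]) || !is_string($params[$param])) {
            continue;
        }
        if (has_traversal($params[$param])) {
            $hits[] = [$m['ip'], $m['time'], full_decode($params[$param]), (int) $m['status']];
        }
    }
    return $hits;
}

// Constructed sample log lines (documentation-range IPs, invented timestamps).
$sample_log = [
    '203.0.113.7 - - [08/Nov/2023:10:00:01 +0000] "GET /wp-admin/admin.php?page=quttera_wm_scanner_int HTTP/1.1" 200 5120',
    '203.0.113.7 - - [08/Nov/2023:10:00:09 +0000] "GET /wp-admin/admin.php?page=quttera_wm_scanner_int&FILE_PATH=wp-content/uploads/sample.php HTTP/1.1" 200 812',
    '198.51.100.4 - - [08/Nov/2023:10:02:30 +0000] "GET /wp-admin/admin.php?page=quttera_wm_scanner_int&FILE_PATH=../../../../../../../../etc/passwd HTTP/1.1" 200 1904',
    '198.51.100.4 - - [08/Nov/2023:10:02:41 +0000] "GET /wp-admin/admin.php?page=quttera_wm_scanner_int&FILE_PATH=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 200 3120',
];

foreach (find_traversal_attempts($sample_log) as [$ip, $time, $value, $status]) {
    printf("traversal attempt from %s at %s: FILE_PATH=%s (HTTP %d)\n", $ip, $time, $value, $status);
}
```

A 200 status on a flagged request is the signal that matters during an audit: it suggests the endpoint served the file rather than refusing it, so the affected host should be checked for the patched plugin version and its credentials (such as those in wp-config.php) rotated. The same ".." segment rule, applied after decoding, is what a WAF rule for this parameter would express.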
By promptly addressing this vulnerability and implementing the recommended security measures, the risk of exploitation can be significantly reduced, ensuring the continued integrity of the WordPress environment.
DMITRII I.