There is a file upload vulnerability in the WordPress plugin Magic Fields before version 1.5.6. The vulnerability occurs because the plugin validates neither authentication nor the type of the file being uploaded.
Exploitation
Stages
- A remote unauthenticated attacker sends a crafted request to RCCWP_upload_ajax.php with the file that the attacker wants to upload.
- The server sends a successful response stating where the file is now stored.
- The attacker can retrieve the file at ‘/wp-content/files_mf/’.
Prerequisites
The attacker must be able to send crafted packets to the vulnerable path.
Vulnerability Description
There is a file upload vulnerability in the WordPress plugin Magic Fields before version 1.5.6. The vulnerability occurs because the file RCCWP_upload_ajax.php validates neither authentication nor the type of the file being uploaded. The attacker can leverage this vulnerability to send a ‘multipart/form-data’ request that uploads a malicious file to the server running the vulnerable plugin. From here, the attacker could potentially compromise the server.
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
The Network-Based Intrusion Detection System (IDS) has been updated with the new signatures for this exploit when detected via Alert Logic Threat Manager™. If this signature is detected, an incident is generated in the Alert Logic console.
Recommendations for Mitigation
Disable the plugin until a patch is available, or seek an alternative plugin for the same activity.
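Existing web server access logs can also be reviewed for the request sequence listed under Stages. The following is an added example, not Alert Logic's signature and not code from the plugin; it assumes combined-format access logs, and the sample lines, IP addresses, plugin directory prefix and extension list are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format: ip - - [ts] "METHOD path HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
UPLOAD_ENDPOINT = "rccwp_upload_ajax.php"  # file named in the advisory
UPLOAD_DIR = "/wp-content/files_mf/"       # storage path named in the advisory
# Assumption: extensions a PHP-enabled server is commonly configured to execute.
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")

def scan(lines):
    """Return findings as (kind, ip, timestamp, path) tuples, in log order."""
    findings, uploaders = [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        path = unquote(m["path"].split("?", 1)[0]).lower()
        ok = m["status"].startswith("2")
        if m["method"] == "POST" and path.endswith("/" + UPLOAD_ENDPOINT):
            if ok:
                uploaders.add(m["ip"])
            kind = "upload-accepted" if ok else "upload-attempt"
            findings.append((kind, m["ip"], m["ts"], m["path"]))
        elif UPLOAD_DIR in path and path.endswith(SCRIPT_EXT):
            # A script requested from the upload directory; higher priority
            # when the same client was seen posting to the upload endpoint.
            seen = m["ip"] in uploaders
            kind = "script-fetch-after-upload" if seen else "script-fetch"
            findings.append((kind, m["ip"], m["ts"], m["path"]))
    return findings

# Constructed sample log lines (documentation IP ranges, assumed plugin path).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "POST /wp-content/plugins/magic-fields/RCCWP_upload_ajax.php HTTP/1.1" 200 87 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Oct/2024:13:55:40 +0000] "GET /wp-content/files_mf/1a2b3c_x.php HTTP/1.1" 200 12 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Oct/2024:14:01:02 +0000] "GET /wp-content/files_mf/photo.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2024:14:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Access logs do not record whether a request was authenticated, so POSTs to the upload endpoint from legitimate editors are reported as well and need to be triaged by source and timing.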