Versions <=0.2 of the Asset-Manager WordPress plugin allow unauthenticated and arbitrary file uploads via upload.php. Attackers can upload executable PHP files and achieve remote code execution (RCE).
Exploitation
Stages
- The attacker sends HTTP POST with the arbitrary file. The Asset-Manager plugin stores files in /wp-content/uploads/.
- The attacker accesses the uploaded PHP file and achieves RCE.
Prerequisites
The attacker can access and upload unauthenticated and arbitrary files.
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
The Network-Based Intrusion Detection System (IDS) has been updated with the new signatures for this exploit when detected via Alert Logic Threat Manager™. If this signature is detected, an incident is generated in the Alert Logic console.
Recommendations for Mitigation
Update the software to a non-vulnerable version.
Comments
0 comments
Please sign in to leave a comment.