There is an arbitrary file upload vulnerability in the WordPress Plugin ‘PitchPrint’ versions 7.1/7.1.1. The vulnerability is caused by a lack of validation on the file type being uploaded to the server. There is no check in place to ascertain if the file is an image. An unauthenticated attacker can upload a malicious PHP file to the vulnerable system by sending a request to ‘wp-content/plugins/pitchprint/uploader’.
Exploitation
Stages
- An unauthenticated attacker sends a request attempting to upload a file to ‘wp-content/plugins/pitchprint/uploader’.
- The server responds successfully with the location of the uploaded file.
- The attacker can access their uploaded file at ‘wp-content/plugins/pitchprint/uploader/files/’.
Prerequisites
The attacker may footprint the target system to ascertain whether the vulnerable plugin is installed.
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
The Network-Based Intrusion Detection System (IDS) has been updated with new signatures that detect this exploit via Alert Logic Threat Manager™. When one of these signatures is triggered, an incident is generated in the Alert Logic console.
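The request pattern described under Stages can also be hunted for in web server access logs. The following is an added example, not Alert Logic's signature or code from the plugin: it assumes common/combined log format, the two paths are taken from this advisory, and the log lines, function name and extension list are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths taken from the advisory; everything else in this script is an assumption.
UPLOADER = "/wp-content/plugins/pitchprint/uploader"
FILES = UPLOADER + "/files/"

# Common/combined log format prefix: ip ident user [time] "METHOD path PROTO" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Extensions commonly mapped to the PHP handler (assumed list, tune per server).
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)(/|$)", re.IGNORECASE)

SAMPLE_LOG = [  # constructed log lines using documentation IP ranges
    '203.0.113.7 - - [01/Jan/2020:13:55:36 +0000] "POST /wp-content/plugins/pitchprint/uploader/ HTTP/1.1" 200 142',
    '203.0.113.7 - - [01/Jan/2020:13:55:40 +0000] "GET /wp-content/plugins/pitchprint/uploader/files/example.php HTTP/1.1" 200 12',
    '198.51.100.4 - - [01/Jan/2020:14:01:02 +0000] "GET /wp-content/plugins/pitchprint/uploader/files/logo.png HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2020:14:02:00 +0000] "GET /wp-content/plugins/pitchprint/uploader/files/x.PHP?a=1 HTTP/1.1" 404 0',
]


def find_suspicious(lines):
    """Return (kind, client_ip, path) for uploads and PHP requests under files/."""
    uploaders = set()  # clients that made a successful POST to the uploader
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path = m["ip"], unquote(m["path"].split("?", 1)[0])
        if FILES in path and PHP_EXT.search(path):
            # A script requested from the upload directory is never expected;
            # it is higher priority when the same client uploaded first.
            kind = "upload_then_exec" if ip in uploaders else "php_in_upload_dir"
            findings.append((kind, ip, path))
        elif m["method"] == "POST" and UPLOADER in path and m["status"].startswith("2"):
            uploaders.add(ip)
            findings.append(("upload", ip, path))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(*finding)
```

Image requests under `files/` are ignored, so the output is limited to uploads and script requests that warrant review of the upload directory's contents.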
Recommendations for Mitigation
Upgrade to a non-vulnerable version to mitigate this vulnerability.