The Giribaz file manager plugin <= v5.0.0 for WordPress contains an information disclosure vulnerability as a result of the plugin’s verbose logging functionality. The plugin logs all file activity to the '/wp-content/uploads/file-manager/log.txt' file which is publicly accessible. Should the plugin be used to interact with a file containing sensitive information (such as the 'wp-config.php' file), the contents of that file would be added to the log and be exposed.
- An unauthenticated remote attacker requests the Giribaz file manager log file located in the default WordPress upload directory.
- The server returns the contents of the log file including the contents of the files managed using the plugin.
The attacker must be able to send arbitrarily crafted HTTP requests to a publicly accessible, internet-facing endpoint.
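The request/response pattern above is directly visible in a web server's access log. The following detector is an added example (not Alert Logic's signature or the plugin's code) that scans constructed Apache combined-format log lines for requests to the plugin's log file path and separates a successful fetch (HTTP 200, the file was actually served) from a blocked attempt; the sample log lines and IP addresses are constructed.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed sample access log (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2020:10:15:01 +0000] "GET /wp-content/uploads/file-manager/log.txt HTTP/1.1" 200 48213 "-" "curl/7.64.1"
198.51.100.7 - - [10/Jan/2020:10:15:09 +0000] "GET /wp-content/uploads/2020/01/photo.jpg HTTP/1.1" 200 81234 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2020:10:16:22 +0000] "GET /wp-content/uploads/file-manager/log%2Etxt?x=1 HTTP/1.1" 403 199 "-" "curl/7.64.1"
"""

# Minimal combined-log parser: client IP, timestamp, method, path, status, size.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Path of the plugin's log file as named in the advisory (default upload directory).
LOG_FILE_PATH = "/wp-content/uploads/file-manager/log.txt"


@dataclass
class Finding:
    ip: str
    timestamp: str
    status: int
    size: str
    severity: str  # "disclosure" when the server served the file, else "attempt"


def detect_log_file_access(access_log: str) -> list[Finding]:
    """Return one Finding per request for the plugin's log file."""
    findings: list[Finding] = []
    for line in access_log.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a recognisable access log line
        # Normalise: strip the query string, decode %XX escapes, ignore case.
        path = unquote(m.group("path").split("?", 1)[0]).lower()
        if path != LOG_FILE_PATH:
            continue
        status = int(m.group("status"))
        severity = "disclosure" if status == 200 else "attempt"
        findings.append(Finding(m.group("ip"), m.group("ts"), status, m.group("size"), severity))
    return findings


if __name__ == "__main__":
    for f in detect_log_file_access(SAMPLE_LOG):
        print(f"{f.severity:10} {f.ip} {f.timestamp} status={f.status} bytes={f.size}")
```

A "disclosure" finding with a large byte count is the case to treat as an incident, since the response body is the log (and any file contents copied into it); an "attempt" shows probing that the server blocked.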
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
The Network-Based Intrusion Detection System (IDS) has been updated with new signatures for this exploit, detected via Alert Logic Threat Manager™. When this signature fires, an incident is generated in the Alert Logic console.
Recommendations for Mitigation
Upgrade to a non-vulnerable version to mitigate this vulnerability.