Error Log Viewer < 1.1.3 – Directory Listing to Sensitive Data Exposure | CVE 2023-6821

Description

The plugin contains a vulnerability that allows you to read and download PHP logs without authorization

Proof of Concept

1) Admin should click on "Save as TXT file" in http://your_site/wordpress/wp-admin/admin.php?page=rrrlgvwr-monitor.php
2) Then someone else can go to wordpress/wp-content/plugins/error-log-viewer/saved_logs and download log file from Index of Title

Affects Plugins

error-log-viewer

Fixed in 1.1.3

References

CVE

CVE-2023-6821

URL

https://research.cleantalk.org/cve-2023-6821/

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

6b1a998d-c97c-4305-b12a-69e29408ebd9

Timeline

Publicly Published

2024-02-20 (about 2 months ago)

Added

2024-02-20 (about 2 months ago)

Last Updated

2024-02-27 (about 2 months ago)

Other

Published

Title

Published

2023-11-28

Title

BigCommerce <= 5.0.7 - Unauthenticated Sensitive Information Exposure

Published

2024-03-11

Title

f(x) Private Site <= 1.2.1 - Sensitive Information Exposure

Published

2023-12-28

Title

Send Users Email < 1.4.4 - Sensitive Information Exposure via Error Logs

Published

2024-04-26

Title

Contact Form 7 Database Addon – CFDB7 < 1.2.7 - Unauthenticated Sensitive Information Exposure

Published

2024-02-02

Title

Post Thumbnail Editor <= 2.4.8 - Sensitive Information Exposure