WordPress Plugin Vulnerabilities
Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF
Description
The plugin does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.
Proof of Concept
On Web Servers other than Windows, the /wp-content/plugins/error-log-viewer/saved_logs/ folder must exist for the attack to be successful, on Windows ones, there is no need for it To delete the readme.txt of the plugin: https://example.com/wp-admin/admin.php?page=rrrlgvwr-monitor.php&saved_logs_action=delete&rrrlgvwr_check_del=../readme
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-12-29 (about 2 years ago)
Added
2021-12-29 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)