RVM – Responsive Vector Maps < 6.4.2 – Subscriber+ Arbitrary File Read | CVE 2021-24947 | Plugin Vulnerabilities

Description

The plugin does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server

Proof of Concept

As a subscriber, open https://example.com/wp-admin/admin-ajax.php?action=rvm_import_regions&nonce=5&rvm_mbe_post_id=1&rvm_upload_regions_file_path=/etc/passwd and view the source to get the data

Affects Plugins

responsive-vector-maps

Fixed in 6.4.2

References

CVE

Classification

Type

FILE DOWNLOAD

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc

Verified

Yes

WPVDB ID

c6bb12b1-6961-40bd-9110-edfa9ee41a18

Timeline

Publicly Published

2022-01-06 (about 3 years ago)

Added

2022-01-06 (about 3 years ago)

Last Updated

2022-04-12 (about 3 years ago)

Other

Published

Title

Published

2022-11-10

Title

S2W - Import Shopify to WooCommerce < 1.1.13 - Admin+ Arbitrary File Access

Published

2023-07-20

Title

Jupiter X Core < 4.6.9 - Unauthenticated Arbitrary File Download

Published

2022-11-28

Title

Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download

Published

2021-08-31

Title

DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download

Published

2023-09-25

Title

NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and Delete