SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Site Editor WordPress plugin local file access attempt
This event is generated when an attacker accesses an internal web server running the Site Editor WordPress plugin. Impact: Web Application Attack Details: In site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php:5, the value of the ajax_path parameter is used for including a file with PHP’s require_once(). This parameter can be controlled by an attacker and is not properly sanitized. Vulnerable code: if( isset( $_REQUEST['ajax_path'] ) && is_file( $_REQUEST['ajax_path'] ) && file_exists( $_REQUEST['ajax_path'] ) ){ require_once $_REQUEST['ajax_path']; } https://plugins.trac.wordpress.org/browser/site-editor/trunk/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?rev=1640500#L5 By providing a specially crafted path to the vulnerable parameter, a remote attacker can retrieve the contents of sensitive files on the local system. Ease of Attack: Simple, only requires a browser.
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2018-7422 |
Loading description
|