Admin-Ahead Community
General Category => General Discussion => Topic started by: nidhinjo on June 23, 2018, 10:31:29 pm
-
The remote WordPress server utilizes a third-party plugin which is prone to an arbitrary file download vulnerability.WP Hide Security Enhancer version 1.3.9.2 or less is victim of an Arbitrary File Download vulnerability. This allows any visitor to download any file in our installation. This signature detects HTTP requests that attempt to exploit a remote file include vulnerability in the Wordpress links.all.php script. Wordpress allows users to generate news pages and weblogs dynamically. It uses PHP and a MySQL database to generate dynamic pages.
A vulnerability has been reported for Wordpress. The problem is said to occur due to insufficient sanitization of user-supplied URI parameters. Specifically the '$abspath' variable, which is used as an argument to the PHP require() function, is not sufficiently sanitized of malicious input. As a result, an attacker may be capable of including a malicious 'blog.header.php' from a controlled web server. This may result in the execution of PHP commands located within the script. Successful exploitation of this vulnerability would allow an attacker to execute arbitrary PHP commands on a target server, with the privileges of Wordpress.
Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Affected
WordPress version under 3.7.6
Solution
Upgrade to latest Wordpress version.