Lucene search
Alex SanfordWPEX-ID:D6F7FACA-DACF-4455-A837-0404803D0F25HistoryOct 16, 2023 - 12:00 a.m.
Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion
2023-10-1600:00:00
Alex Sanford
23
arbitrary file deletion
ticket submission
file upload
security exploit
vulnerable version
configuration file
Description The plugin does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.
1. Visit Tickets > Settings > File Upload
2. Ensure "Enable File Upload", "Enable drag-n-drop uploader for ticket form", and "Check this to allow users to delete attachments" are checked, and save the settings.
3. As a ticket submitter, open the form to submit a ticket. Upload an attachment.
4. Remove the attachment, and intercept the request. Replace the file name with `../../../../wp-config.php`.
5. Reload the page to see that the `wp-config.php` file has been deleted.Related
cvelist
cvelist
CVE-2023-5355 Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion
2023-11-06 20:41:57
cve
cve
CVE-2023-5355
2023-11-06 21:15:09
prion
prion
Code injection
2023-11-06 21:15:00
nvd
nvd
CVE-2023-5355
2023-11-06 21:15:09
wpvulndb
wpvulndb
Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion
2023-10-16 00:00:00
6.7 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.4%
Related for WPEX-ID:D6F7FACA-DACF-4455-A837-0404803D0F25