Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion

Source: wpvulndb (wpscan.com)
WPVDB-ID: D6F7FACA-DACF-4455-A837-0404803D0F25
Author: Alex Sanford
Published: Oct 16, 2023 - 12:00 a.m. (2023-10-16 00:00:00)
Tags: awesome support, plugin, vulnerability, file deletion, security

AI Score: 6.3 Medium (Confidence: High)
EPSS: 0.0005 Low (Percentile: 16.4%)

Description: The plugin does not sanitize the file name supplied when a temporary attachment is deleted, so a ticket submitter (Submitter+ role) can use path traversal (../) to delete arbitrary files on the server that the web server process is permitted to remove.

PoC

1. Visit Tickets > Settings > File Upload.
2. Ensure “Enable File Upload”, “Enable drag-n-drop uploader for ticket form”, and “Check this to allow users to delete attachments” are checked, and save the settings.
3. As a ticket submitter, open the form to submit a ticket and upload an attachment.
4. Remove the attachment and intercept the request. Replace the file name with ../../../../wp-config.php.
5. Reload the page to see that the wp-config.php file has been deleted.
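The following is an added example, not code from the Awesome Support plugin or from the advisory author: it models the deletion flaw the PoC exercises and sets a hardened version beside it. The directory layout (a wp-config.php four levels above the temp attachment directory, matching the ../../../../ in the payload), the function names, and the per-submitter ownership set are all constructed for the demo and are not the plugin's real internals.

```python
"""Added example (not the plugin's code): why a request-supplied attachment name
must be constrained before deletion, using the payload from the advisory's PoC.

The directory layout and function names are constructed for this demo; they
approximate, not reproduce, the Awesome Support plugin's internals.
"""
import os
import tempfile
from pathlib import Path

TRAVERSAL_NAME = "../../../../wp-config.php"   # the PoC payload, four levels up


class AttachmentError(ValueError):
    """Raised when a deletion request names a file it must not touch."""


def make_fake_site(root: Path) -> Path:
    """Constructed layout: wp-config.php at the site root and a temp upload
    directory four levels below it, matching the '../../../../' in the PoC."""
    tmp_dir = root / "wp-content" / "uploads" / "awesome-support" / "tmp"
    tmp_dir.mkdir(parents=True)
    (root / "wp-config.php").write_text("<?php /* constructed stand-in */")
    (tmp_dir / "screenshot.png").write_bytes(b"\x89PNG constructed")
    return tmp_dir


def delete_temp_attachment_unsafe(tmp_dir: Path, file_name: str) -> Path:
    """Mirrors the flaw: the name from the request is joined onto the temp
    directory with no check, so '../' segments walk out of it."""
    target = tmp_dir / file_name
    if target.exists():
        target.unlink()
    return target


def delete_temp_attachment_safe(tmp_dir: Path, file_name: str, owned: set[str]) -> Path:
    """Hardened form: bare name only, resolved path must stay inside tmp_dir,
    and the submitter may only delete attachments recorded as theirs."""
    # 1. Reject anything that is not a plain file name (separators, '.', '..', empty).
    if file_name in ("", ".", "..") or file_name != os.path.basename(file_name):
        raise AttachmentError(f"rejected file name: {file_name!r}")
    # 2. Resolve both sides and check containment; this also catches symlinks
    #    and normalisation tricks that a plain string check for '../' would miss.
    base = tmp_dir.resolve()
    target = (base / file_name).resolve()
    if target.parent != base:
        raise AttachmentError(f"path escapes temp dir: {target}")
    # 3. Authorisation: only names this submitter uploaded on this ticket.
    if file_name not in owned:
        raise AttachmentError(f"not an attachment of this submitter: {file_name!r}")
    if target.exists():
        target.unlink()
    return target


def run_demo() -> dict:
    """Exercise both variants in a throwaway sandbox and report what survived."""
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        root = Path(sandbox)
        tmp_dir = make_fake_site(root)
        owned = {"screenshot.png"}          # what this submitter actually uploaded

        # Hardened path: traversal payload is refused, wp-config.php untouched.
        try:
            delete_temp_attachment_safe(tmp_dir, TRAVERSAL_NAME, owned)
            results["safe_rejected_traversal"] = False
        except AttachmentError:
            results["safe_rejected_traversal"] = True
        results["config_after_safe"] = (root / "wp-config.php").exists()

        # Legitimate deletion still works through the hardened path.
        delete_temp_attachment_safe(tmp_dir, "screenshot.png", owned)
        results["legit_deleted"] = not (tmp_dir / "screenshot.png").exists()

        # Vulnerable path: the PoC payload deletes the site's configuration.
        delete_temp_attachment_unsafe(tmp_dir, TRAVERSAL_NAME)
        results["config_after_unsafe"] = (root / "wp-config.php").exists()
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The containment check in step 2 is the one that matters for this class of bug: rejecting the literal string "../" is not enough on its own, because the name can reach the handler through URL decoding or a symlink inside the temp directory, whereas comparing resolved paths judges where the file actually is. Step 3 is the separate authorisation check a practitioner will also want, since even a well-formed name should only delete what that submitter uploaded.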

CPE Name    Operator    Version
            eq          6.1.5

