Overview
Versions of the WordPress File Manager plugin prior to 6.9 contain a critical unauthenticated remote code execution vulnerability. An attacker can upload arbitrary PHP files through the plugin without authenticating and then execute them on the affected WordPress installation. The vulnerability was disclosed on September 9, 2020. CISA has catalogued CVE-2020-25213 as known to be exploited; it is not currently known to be used in ransomware campaigns.
Technical details
The File Manager plugin fails to properly validate and restrict file uploads. Its upload functionality is exposed as a PHP file that can be requested directly under the plugin directory, so the request never passes through WordPress's own authentication checks, and the handler itself does not adequately validate the type of the uploaded file. An unauthenticated client can therefore upload an arbitrary PHP file, which the web server executes as soon as the attacker requests it by URL, leading to complete compromise of the WordPress installation.
The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and CWE-862 (Missing Authorization).
The vulnerability has a CVSS v3.1 base score of 9.8 (CRITICAL) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: reachable over the network, low attack complexity, no privileges and no user interaction required, with high impact on confidentiality, integrity and availability.
Impact
Successful exploitation gives an unauthenticated attacker complete control of the affected WordPress installation. With an uploaded PHP web shell the attacker runs arbitrary code as the web server user and can read wp-config.php and the database credentials it holds, dump user data, modify site content, inject malicious code into served pages, plant backdoors for persistent access, pivot to other systems reachable from the web server, or take the site down entirely.
Mitigation and workarounds
Update the File Manager plugin to version 6.9 or later from the WordPress dashboard: Plugins > Installed Plugins > File Manager > Update Now. Alternatively, download the patched version manually from wordpress.org/plugins/file-manager/ and install it. The following versions include the necessary fixes: 6.9, 6.9.1, 6.9.2.
Temporary workarounds if an update cannot be applied immediately:
- Disable the plugin. Deactivating it from the Plugins menu leaves the plugin's PHP files on disk, where they can still be requested by URL, so delete the plugin rather than only deactivating it.
- Restrict access to the plugin's upload endpoint with web application firewall (WAF) rules or server-level configuration (.htaccess on Apache, a location block on nginx) that blocks requests to the vulnerable upload endpoints.
- Disable PHP execution in the directories where uploads land. On Apache with mod_php, 'php_flag engine off' in an .htaccess file does this; with PHP-FPM that directive has no effect, so deny requests for .php files in those locations instead, and use the equivalent nginx location rule there. Applying this to all of wp-content/plugins can break plugins that expect their PHP files to be requested directly, so test it before rolling it out.
- Monitor the upload directories and the web server logs for suspicious uploads and execution attempts, in particular newly created .php files under the plugin directory and requests for them.
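The monitoring step above is the one most sites can act on immediately. The script below is an added example, not code from the advisory or from the plugin, of what that monitoring looks like in practice: it scans combined-format access log lines for a direct POST to a .php file inside the plugin directory (the upload itself) and for successful requests to .php files under wp-content/plugins or wp-content/uploads (execution of a dropped file), and it lists .php files under a plugin tree modified within a recent window. The log lines, IP addresses and file tree are constructed for this example; the plugin slug wp-file-manager and the lib/files/ drop location are assumptions to adjust for the site being checked.

```python
"""Detect the two artefacts of a File Manager upload attack in access logs
and on disk. Sample log lines and sample files are constructed here."""
import os
import re
import tempfile
import time
from typing import Iterable, List, Optional, Tuple

# Assumption: plugin slug on disk. Change if the site uses a different path.
PLUGIN_WEB_DIR = "/wp-content/plugins/wp-file-manager/"
# Directories under which a .php file should never be requested directly.
NO_DIRECT_PHP = ("/wp-content/plugins/", "/wp-content/uploads/")

# Combined log format as written by Apache and nginx.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: an upload POST, a request for the dropped file,
# normal admin traffic, a static asset, and a failed probe.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Sep/2020:10:14:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2511 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Sep/2020:10:14:05 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 180 "-" "python-requests/2.24.0"
203.0.113.7 - - [09/Sep/2020:10:14:06 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/x.php?c=id HTTP/1.1" 200 73 "-" "python-requests/2.24.0"
198.51.100.4 - - [09/Sep/2020:10:15:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.4 - - [09/Sep/2020:10:15:01 +0000] "GET /wp-content/plugins/wp-file-manager/css/style.css HTTP/1.1" 200 914 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Sep/2020:10:16:30 +0000] "GET /wp-content/uploads/2020/09/cache.php HTTP/1.1" 404 0 "-" "curl/7.68.0"
"""


def parse_line(line: str):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["file"] = rec["path"].split("?", 1)[0]  # drop the query string
    rec["status"] = int(rec["status"])
    return rec


def find_suspicious(lines: Iterable[str],
                    plugin_dir: str = PLUGIN_WEB_DIR) -> List[Tuple[str, str, str]]:
    """Return (ip, kind, file) findings.

    "upload-post": a POST aimed straight at a .php file inside the plugin
        directory. Legitimate WordPress traffic goes through wp-admin or
        admin-ajax.php, so this is the upload attempt itself.
    "direct-php": a successful request for a .php file under wp-content/plugins
        or wp-content/uploads, i.e. execution of a file that lives where only
        plugin code or static assets belong.
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["file"].endswith(".php"):
            continue
        if rec["method"] == "POST" and rec["file"].startswith(plugin_dir):
            findings.append((rec["ip"], "upload-post", rec["file"]))
        elif rec["status"] == 200 and rec["file"].startswith(NO_DIRECT_PHP):
            findings.append((rec["ip"], "direct-php", rec["file"]))
    return findings


def recent_php_files(root: str, max_age_s: int,
                     now: Optional[float] = None) -> List[str]:
    """List .php files under root whose mtime is within the last max_age_s seconds."""
    now = time.time() if now is None else now
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if name.endswith(".php") and now - os.path.getmtime(path) <= max_age_s:
                hits.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(hits)


def demo_findings() -> List[Tuple[str, str, str]]:
    """Run the log scan over the constructed sample."""
    return find_suspicious(SAMPLE_LOG.splitlines())


def demo_recent_php_files() -> List[str]:
    """Build a throwaway plugin tree with one week-old legitimate file and one
    freshly written file, then return what a one-hour scan flags."""
    root = tempfile.mkdtemp()
    old = os.path.join(root, "wp-file-manager", "plugin-main.php")
    new = os.path.join(root, "wp-file-manager", "lib", "files", "x.php")
    for path in (old, new):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed placeholder\n")
    week_ago = time.time() - 7 * 86400
    os.utime(old, (week_ago, week_ago))
    return recent_php_files(root, max_age_s=3600)


if __name__ == "__main__":
    for ip, kind, path in demo_findings():
        print(f"{kind:12} {ip:15} {path}")
    print("recently modified:", demo_recent_php_files())
```

On a live server, feed the access log to find_suspicious and point recent_php_files at wp-content/plugins and wp-content/uploads; a direct-php hit that follows an upload-post from the same address within seconds is the pattern to escalate on, and any file the disk scan reports that you did not deploy should be quarantined and its upload traced back in the log.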
CISA recommendation: Apply updates per vendor instructions.
Additional resources
Source: This report was generated by AI

