Remote PHP code execution in Snap Creek Duplicator plugin for WordPress



Published: 2018-09-05 | Updated: 2018-09-15
Risk: Critical
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Network
Public exploit: Vulnerability #1 is being exploited in the wild.
Vulnerable software: SnapCreek Duplicator (Web applications / Modules and components for CMS)

Vendor: SnapCreek

Security Bulletin

This security bulletin contains information about 1 vulnerability.

Updated: 15.09.2018
The severity rating was raised due to in-the-wild exploitation of the vulnerability.

1) Improper access control

EUVDB-ID: #VU14790

Risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.

The vulnerability exists because the web application does not restrict access to the installation script "/installer-backup.php" or "/installer.php". A remote unauthenticated attacker can upload a malicious file via an HTTP POST request and execute arbitrary PHP code on the target system.

Note: the vulnerability is being actively exploited in the wild in September 2018.
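
For sites that ran an affected version, one way to look for the requests described above in web server access logs. This is an added example, not part of the original bulletin; it assumes the Apache/nginx "combined" log format, and the severity labels and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

INSTALLER_SCRIPTS = {"installer.php", "installer-backup.php"}  # names from the advisory
# Assumption: Apache/nginx "combined" log format; adjust for a custom format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return (ip, timestamp, method, path, status, severity) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Ignore the query string and %-escapes; match the last path segment only.
    path = unquote(urlsplit(m["target"]).path)
    if path.rsplit("/", 1)[-1].lower() not in INSTALLER_SCRIPTS:
        return None
    status = int(m["status"])
    if not 200 <= status < 300:
        severity = "low"      # probe against a missing or blocked script
    elif m["method"] == "POST":
        severity = "high"     # data was submitted to an installer that answered
    else:
        severity = "medium"   # installer is exposed, no POST on this line
    return (m["ip"], m["ts"], m["method"], path, status, severity)

def scan(lines):
    """Group installer hits by client IP."""
    hits = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit:
            hits[hit[0]].append(hit[1:])
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Sep/2018:04:11:02 +0000] "GET /installer.php HTTP/1.1" 200 5120 "-" "curl/7.58"',
    '203.0.113.7 - - [10/Sep/2018:04:11:05 +0000] "POST /installer.php?x=1 HTTP/1.1" 200 812 "-" "curl/7.58"',
    '198.51.100.9 - - [10/Sep/2018:05:00:00 +0000] "POST /blog/installer-backup.php HTTP/1.1" 404 199 "-" "-"',
    '192.0.2.44 - - [10/Sep/2018:05:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE).items():
        print(ip, events)
```

A "high" or "medium" hit means an installer script was reachable at that time, so the site should be checked for leftover installer files and unexpected PHP files in addition to updating the plugin.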

Mitigation

Update to version 1.2.42.

Vulnerable software versions

SnapCreek Duplicator: 1.2.0 - 1.2.40

External links

http://www.synacktiv.com/ressources/advisories/WordPress_Duplicator-1.2.40-RCE.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


