Risk | High |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2019-14205 CVE-2019-14206 |
CWE-ID | CWE-98 CWE-22 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
Vulnerable software | Adaptive Images for WordPress (Web applications / Modules and components for CMS) |
Vendor | Nevma |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU19312
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-14205
CWE-ID:
CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program
Exploit availability: Yes
Description
http://[host]/wp-content/uploads/2019/05/image.jpg?adaptive-images-settings[source_file]=../../../wp-config.php
http://[host]/wp-content/uploads/2019/05/image.jpg?adaptive-images-settings[source_file]=/etc/passwd
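A defender-side check for the request pattern shown above, as an added example that is not part of the original bulletin or the plugin's code: it scans web server access-log lines for any `adaptive-images-settings[...]` query key and labels the supplied value. The combined log format, the sample entries and all function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request portion of a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Any query key that addresses the plugin's settings array from the URL.
SETTINGS_KEY_RE = re.compile(r"^adaptive-images-settings\[(?P<name>[^\]]*)\]")

# Constructed sample entries (documentation IP ranges). The request paths
# reuse the two URLs quoted in the bulletin; the third is an ordinary request.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jul/2019:10:01:02 +0000] "GET /wp-content/uploads/2019/05/'
    'image.jpg?adaptive-images-settings[source_file]=../../../wp-config.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [19/Jul/2019:10:01:09 +0000] "GET /wp-content/uploads/2019/05/'
    'image.jpg?adaptive-images-settings%5Bsource_file%5D=%2Fetc%2Fpasswd HTTP/1.1" 200 731',
    '198.51.100.4 - - [19/Jul/2019:10:02:30 +0000] "GET /wp-content/uploads/2019/05/'
    'image.jpg?ver=5.2 HTTP/1.1" 200 48211',
]


def classify_value(value):
    """Label an already URL-decoded parameter value."""
    normalized = value.replace("\\", "/")
    if ".." in normalized.split("/"):
        return "traversal"
    if normalized.startswith("/"):
        return "absolute-path"
    return "settings-override"


def scan_line(line):
    """Return (ip, setting_name, value, label) tuples found in one log line."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    findings = []
    # parse_qsl percent-decodes keys and values, so %5B / %5D brackets match too.
    query = urlsplit(m.group("target")).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        k = SETTINGS_KEY_RE.match(key)
        if k:
            findings.append((m.group("ip"), k.group("name"), value, classify_value(value)))
    return findings


def scan_log(lines):
    """Scan an iterable of log lines and collect every finding in order."""
    return [finding for line in lines for finding in scan_line(line)]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Legitimate image requests have no reason to carry this parameter, so any hit, including a plain "settings-override", is worth reviewing on hosts that ran an affected version.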
Install updates from vendor's website.
Vulnerable software versions
Adaptive Images for WordPress: 0.2.08 - 0.6.66
External links
http://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdown
http://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU19313
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-14206
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists because the plugin contains a cache mechanism that saves and caches the generated resized images to prevent excessive resource usage. A remote attacker can send a specially crafted file and delete arbitrary files on the system.
The only condition for successful exploitation of this vulnerability is that the file passed as "$source_file" is newer than the file passed as "$cache_file".
Install updates from vendor's website.
Vulnerable software versions
Adaptive Images for WordPress: 0.2.08 - 0.6.66
External links
http://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdown
http://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.