Improper Privilege Management in Nicdark Travel Management for WordPress



Published: 2019-08-03 | Updated: 2019-08-05
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID N/A
CWE-ID CWE-269
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Travel Management
Web applications / Modules and components for CMS

Vendor Nicdark

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Improper Privilege Management

EUVDB-ID: #VU19927

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privilege on the target system.

The vulnerability exists due to the missing capability check in the ‘update_option’ function. A remote attacker can send a specially crafted AJAX request to the "nd_options_import_settings_php_function" and change the blog settings, for instance the site URL, the admin email address, user roles and capabilities, or give administrator privilege to any new registered user. 


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Travel Management: 1.0 - 1.5

External links

http://blog.nintechnet.com/privilege-escalation-vulnerability-in-wordpress-nd-travel-management-plu...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###