Main Vulnerability Database Vulnerabilities #VU17696

Path traversal in WP Cost Estimation - #VU17696

Published: February 14, 2019 / Updated: February 16, 2019

Vulnerability identifier: #VU17696

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: N/A

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Loopus Plugins

Affected software:
WP Cost Estimation

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient patch released in version 9.644. The name of the uploaded file is constructed from a user-supplied value passed via $formSession variable. A remote authenticated attacker can upload an arbitrary file, change the session variable value to a string, containing directory traversal characters (e.g. "../"), bypass the implemented path traversal protection and upload arbitrary file to the system.

Successful exploitation of this vulnerability may result in website compromise.

Remediation

Install update from vendor's website.

Sources

https://www.wordfence.com/blog/2019/02/vulnerabilities-patched-in-wp-cost-estimation-plugin/

Path traversal in WP Cost Estimation - #VU17696

Detailed vulnerability description

Remediation

Sources

Please verify you're human