Improper access control in Popup Maker - Popup Forms, Optins & More - CVE-2019-17574
Published: October 21, 2019
Vulnerability identifier: #VU21964
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2019-17574
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Daniel Iser
Affected software:
Popup Maker - Popup Forms, Optins & More
Popup Maker - Popup Forms, Optins & More
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to calls which can be performed and require no authentication. A remote attacker can call any method which contains an action starting from "popmake_" or "pum_", execute functions which do not require arguments (e.g: PUM_Admin_Tools::sysinfo_download or PUM_Admin_Tools::sysinfo_display) and obtain information regarding WordPress Plugins (active/inactive), the Webserver Configuration, the PHP Configuration and more.
PoC:
- curl http://www.your-domain-with-popup-maker.com/?pum_action=tools_page_tab_system_info
- curl -v -d “popmake_action=popup_sysinfo&popmake-sysinfo=choose any content you like” -X POST http://www.your-domain-with-popup-maker.com/
How to mitigate CVE-2019-17574
Install updates from vendor's website.