Information disclosure in RegistrationMagic - Custom Registration Forms and User Login - CVE-2020-9458
Published: March 6, 2020
Vulnerability identifier: #VU25804
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-9458
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Registrationmagic
Affected software:
RegistrationMagic - Custom Registration Forms and User Login
RegistrationMagic - Custom Registration Forms and User Login
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the "export" function lack access control or a nonce check. A remote authenticated attacker can send a specially crafted request with the "rm_slug" $_POST parameter set to "rm_form_export", which cause the plugin to export every form on the site, including everything that had ever been submitted to any of these forms (though this does not include login credentials).
How to mitigate CVE-2020-9458
Install updates from vendor's website.