Vulnerability identifier: #VU15912

Vulnerability risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Accelerated Mobile Pages
Web applications / Modules and components for CMS

Vendor: AMP Project

Description
The vulnerability allows a remote low-privileged attacker to inject malicious code on the targeted website.

The weakness exists in the ampforwp_save_steps_data which is called to save settings during the installation wizard that's been registered wp_ajax_ampforwp_save_installer ajax hook due to insufficient validation of user-supplied input. A remote attacker can supply a specially crafted input to inject arbitrary code on AMP pages.

Mitigation
Update to version 0.9.97.20.

Vulnerable software versions

Accelerated Mobile Pages: All versions

---

External links
http://www.webarxsecurity.com/amp-plugin-vulnerability/

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.