To discover whether an installation of this software is vulnerable, an attacker can try to create a file via the upload_file() function and check if the code is vulnerable. If the code is vulnerable, an attacker can execute arbitrary code on the system via a crafted upload.
This issue was discovered by Pedro G. Sujeck. Was this issue fixed in this version? No. Unfortunately, this issue still occurs in this version. If you suspect that your website is still vulnerable, you can test further by creating a file with a special extension. For example, it is possible to create a .php file and upload it via the upload_file() function. If you can successfully upload this file, it is likely that this issue still occurs. What is the best way to patch this issue? In order to patch this issue, you will need to update your server software. In most cases, this issue is caused by a misconfiguration in the server software. After updating the server software, you will need to restart the Apache, Nginx, or other web server software. After restarting the web server software, you will need to upload a new version of your website to prevent this issue from occurring in the future. Was this issue fixed in v1.0? No. Unfortunately, this issue still occurs in v1.0. If you suspect that your website is still vulnerable, you can test further by creating a file with a special extension. For example, it is possible to
Vulnerability details
An issue was found in the upload_file() function that could be exploited by an attacker to execute arbitrary code on the system via a crafted upload.
4.1: Overview of WordPress File Handling and upload() Function
The upload_file() function allows an attacker to create files on the server via the wp-admin/includes/media.php file and check if the code is vulnerable. If the code is vulnerable, an attacker can execute arbitrary code on the system via a crafted upload.
This issue was discovered by Pedro G. Sujeck. Was this issue fixed in this version? No. Unfortunately, this issue still occurs in this version. If you suspect that your website is still vulnerable, you can test further by creating a file with a special extension. For example, it is possible to create a .php file and upload it via the upload_file() function. If you can successfully upload this file, it is likely that this issue still occurs. What is the best way to patch this issue? In order to patch this issue, you will need to update your server software. In most cases, this issue is caused by a misconfiguration in the server software. After updating the server software, you will need to restart the Apache, Nginx, or other web server software. After restarting the web server software, you will need to upload a new version of your website to prevent this issue from occurring in the future. Was this issue fixed in v1.0? No
No
How to find if your website is still vulnerable?
To find out if the issue is still present, you can create a file with a specific extension. For example, it is possible to create a .php file and upload it via the upload_file() function. If you can successfully upload this file, it is likely that this issue still occurs.
Timeline
Published on: 09/22/2022 22:15:00 UTC
Last modified on: 09/26/2022 14:13:00 UTC
References
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-college-website.zip
- https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html
- https://gowthamaraj-rajendran.medium.com/simple-college-website-1-0-unauthenticated-arbitrary-file-upload-rce-44341831bec8
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40087