Exploit
CVE-2023-2249

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') (CWE-98)

Published: Jun 9, 2023 / Updated: 17mo ago

CVSS 8.8 / EPSS 0.12% / High

Summary

The wpForo Forum plugin for WordPress is vulnerable to Local File Inclusion, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. The vulnerability is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. It can be exploited by authenticated attackers with minimal permissions, such as subscribers.

Impact

This vulnerability allows authenticated attackers with minimal permissions to retrieve the contents of sensitive files like wp-config.php hosted on the system, perform deserialization attacks potentially leading to remote code execution, and make requests to internal services. The impact on confidentiality, integrity, and availability is rated as HIGH, with a CVSS v3.1 base score of 8.8.

Exploitation

One proof-of-concept exploit is available on github.com. There is no evidence of exploitation in the wild at the moment.

Patch

A patch is available. The vulnerability affects wpForo Forum plugin versions up to and including 2.1.7. Users should update to a version newer than 2.1.7 to mitigate this vulnerability.

Mitigation

1. Update the wpForo Forum plugin to a version newer than 2.1.7 immediately.
2. If immediate updating is not possible, consider temporarily disabling the plugin until it can be updated.
3. Implement strong authentication measures and regularly audit user permissions to minimize the risk of exploitation by authenticated users with low-level permissions.
4. Monitor for any suspicious activities or unauthorized file access attempts, especially those targeting sensitive files like wp-config.php.
5. Implement network segmentation to limit the potential impact of Server-Side Request Forgery attacks on internal services.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2023-2249.

Feb 26, 2023 at 8:16 AM / planet.ubuntu.com
Threat Intelligence Report

CVE-2023-2249 is a critical vulnerability in the Wordpress Wpforo Plugin that allows remote attackers to reach internal endpoints and deploy malicious files. A proof-of-concept exploit is available on GitHub, increasing the likelihood of exploitation in the wild. Mitigations, detections, and patches are not yet available, posing a significant risk to users and potentially impacting third-party vendors who rely on the affected plugin.

Jul 13, 2023 at 6:59 AM

Exploits

https://github.com/ixiacom/CVE-2023-2249

Attack Patterns

CAPEC-193: PHP Remote File Inclusion

News

Update Package 1625
Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Softing-Edgeaggregator-Restore-Configuration-Directory-Traversal | CVE-2023-38126 | File-Member-Name_Softing-Edgeaggregator-Restore-Configuration-Directory-Traversal | Suspected Compromise

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | Directory-Traversal | No CVE/CAN | HTTP_CSU-Dot-Dot-Slash-And-Null-Byte-Sequence | Attack Related Anomalies | Detection mechanism updated
High | Directory-Traversal | No CVE/CAN | HTTP_CSU-Potential-Dot-Dot-Slash-Directory-Traversal | Potential Compromise | Name: HTTP_CSU-Dot-Dot-Slash-Directory-Traversal->HTTP_CSU-Potential-Dot-Dot-Slash-Directory-Traversal; Fingerprint regexp changed
CPAI-2023-0556
The post CPAI-2023-0556 appeared first on Check Point Software.
CVE-2023–2249: WordPress Wpforo Plugin Vulnerability Root Cause Analysis
We can see that only two functions have been modified between the vulnerable and the patched versions of the file, namely 'profiles_default_cover_upload' and 'profile_cover_upload', which seem to be functionalities related to profile picture upload. From rough static code analysis, it seems that if the user input for profile image data, which is passed as the 'image_blob' parameter, doesn't conform to a certain format, it gets passed to 'file_get_contents' as part of the else block.
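The PHP below is an added illustration written for this page; it is not wpForo's code and is not taken from the linked write-up. It reconstructs the pattern the analysis describes (an 'image_blob' value that, when it is not an inline data URI, falls through to 'file_get_contents') and places a hardened handler next to it that refuses anything except an inline base64 image, so no user-controlled string ever reaches a file or stream function. The function names, the regular expressions, the size cap and the constructed sample PNG are assumptions, not details from the advisory.

```php
<?php
// Added illustration, not wpForo's code. Function and parameter names are hypothetical.

// INSECURE PATTERN (modelled on the write-up above): if the blob is not a
// data URI, the raw string is handed to file_get_contents(). That function
// accepts local paths, URLs and stream wrappers, which is exactly why the
// advisory lists local file read, SSRF and PHAR deserialization as outcomes.
function insecure_cover_upload(string $image_blob)
{
    if (preg_match('#^data:image/(\w+);base64,(.+)$#s', $image_blob, $m)) {
        return base64_decode($m[2]);
    }
    // Hypothetical else branch: user input used as a filename with no validation.
    return file_get_contents($image_blob);
}

// HARDENED PATTERN: the only accepted shape is an inline base64 image data URI.
// There is no fallback branch, so a path, a URL or a phar:// reference is
// rejected before any I/O function sees it.
function hardened_cover_upload(string $image_blob, int $max_bytes = 2097152): ?string
{
    // Whitelist the declared subtype and restrict the payload to the base64 alphabet.
    if (!preg_match('#^data:image/(jpeg|png|gif|webp);base64,([A-Za-z0-9+/=]+)$#', $image_blob, $m)) {
        return null;
    }

    // Strict decoding refuses anything outside the base64 alphabet.
    $bytes = base64_decode($m[2], true);
    if ($bytes === false || $bytes === '' || strlen($bytes) > $max_bytes) {
        return null;
    }

    // Inspect the bytes themselves; the client-chosen label is not trusted.
    $info = @getimagesizefromstring($bytes);
    $allowed = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
    if ($info === false || !in_array($info['mime'], $allowed, true)) {
        return null;
    }

    // The declared subtype must agree with the detected MIME type.
    if ('image/' . $m[1] !== $info['mime']) {
        return null;
    }

    return $bytes;
}

// Constructed sample input: a 1x1 PNG encoded as a data URI (illustration only).
$sample_png = 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJ'
            . 'AAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==';

// Accepted: decoded image bytes are returned for further processing.
$accepted = hardened_cover_upload($sample_png);
var_dump($accepted !== null);

// Rejected: a value that is not an inline data URI never reaches any I/O call.
$rejected = hardened_cover_upload('not-a-data-uri');
var_dump($rejected === null);
```

The design point is the absence of an else branch: the hardened handler has a single accepted input shape and fails closed on everything else, whereas the insecure version treats "not the expected format" as "try it as a filename". Checking the decoded bytes with getimagesizefromstring, rather than trusting the declared subtype, also stops a non-image payload from being stored as a profile cover.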
US-CERT Vulnerability Summary for the Week of June 12, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High: vulnerabilities with a CVSS base score of 7.0-10.0
Medium: vulnerabilities with a CVSS base score of 4.0-6.9
Low: vulnerabilities with a CVSS base score of 0.0-3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
