CVE-2018-25326

Google Drive for WordPress 2.2 Path Traversal RCE via gdrive-ajaxs.php

CVSS 8.7 HIGHEPSS 0.6%CWE-22

Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to del_fl_bkp and file_name containing traversal sequences ../../wp-config.php to access sensitive configuration files.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

wp-google-drive · Google Drive

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/44435unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lenonleite.com.br/https://www.exploit-db.com/exploits/44435 https://www.vulncheck.com/advisories/google-drive-for-wordpress-path-traversal-rce-via-gdrive-ajaxs-php