WordPress File Delete to Code Execution

Hello,

Lately I have been working hard to migrate our clients from VestaCP, which got hacked twice, to Virtualmin. Its port was already temporarily blocked until further notice, and I have finally decided to give our clients some old Virtualmin instead. While doing so I found this: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/

Luckily, you must have an account to execute this vuln, else it would have been a disaster for every live WordPress.

Temp fix: in your theme's functions.php, place this hook.

```php
add_filter( 'wp_update_attachment_metadata', 'rips_unlink_tempfix' );

function rips_unlink_tempfix( $data ) {
    if ( isset( $data['thumb'] ) ) {
        $data['thumb'] = basename( $data['thumb'] );
    }
    return $data;
}
```

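Added example, not code from the thread or from WordPress core: the same filter as the post's temp fix, extended with a containment check that verifies the resolved path stays under the uploads directory. It assumes the uploads base directory is passed in (in WordPress, `wp_upload_dir()['basedir']`), and it runs stand-alone with `add_filter` stubbed when WordPress is not loaded.

```php
<?php
// Added example (not from the thread or from WordPress core): the temp-fix
// filter from the post, extended with a containment check so that 'thumb'
// can never resolve to a path outside the uploads directory.
// Runs stand-alone: add_filter() is stubbed when WordPress is not loaded.

if (!function_exists('add_filter')) {
    function add_filter(string $hook, callable $cb): void {} // no-op outside WP
}

// True only if $candidate, resolved relative to $uploads_dir, stays inside it.
// The file itself may not exist yet, so only its parent directory is resolved.
function rips_thumb_is_contained(string $candidate, string $uploads_dir): bool
{
    $base = realpath($uploads_dir);
    $parent = realpath(dirname($uploads_dir . DIRECTORY_SEPARATOR . $candidate));
    if ($base === false || $parent === false) {
        return false;
    }
    $sep = DIRECTORY_SEPARATOR;
    return $parent === $base || strpos($parent . $sep, $base . $sep) === 0;
}

// Filter callback: strip any directory component from 'thumb' (the post's
// basename() fix) and drop the key entirely if the result is still not
// contained in the uploads directory.
function rips_unlink_tempfix_checked(array $data, string $uploads_dir): array
{
    if (isset($data['thumb'])) {
        $data['thumb'] = basename((string) $data['thumb']);
        if ($data['thumb'] === '' || !rips_thumb_is_contained($data['thumb'], $uploads_dir)) {
            unset($data['thumb']);
        }
    }
    return $data;
}

// Hook registration as in the post; wp_upload_dir()['basedir'] is WordPress's
// uploads base directory and is only evaluated once WordPress calls the filter.
add_filter('wp_update_attachment_metadata', function (array $data): array {
    return rips_unlink_tempfix_checked($data, wp_upload_dir()['basedir']);
});

// Constructed sample metadata whose 'thumb' tries to traverse out of uploads.
$uploads = sys_get_temp_dir();                      // stands in for the uploads dir
$sample  = ['file' => '2018/06/photo.jpg', 'thumb' => '../../outside.txt'];
$clean   = rips_unlink_tempfix_checked($sample, $uploads);
assert($clean['thumb'] === 'outside.txt');          // directory part stripped
assert(!rips_thumb_is_contained('../../outside.txt', $uploads));
```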

Comments

  • Yup, IIRC from a post, they knew about this for a long time but haven't released a patch yet.

  • Update your WordPress, guys, the issue has been fixed.

    https://codex.wordpress.org/Version_4.9.7

    WordPress versions 4.9.6 and earlier are affected by a file deletion issue where a user with the capability to edit and delete media files could potentially manipulate media metadata to attempt to delete files outside the uploads directory.
