Path traversal lead to arbitrary file reading
-
iThemes Security’s daily scan just reported this plugin to me as having a “Authenticated Path Traversal to Arbitrary File Access” vulnerability. The report links to this story from August 11:
https://medium.com/@hoanhp/0-day-story-3-add-from-server-b06244c1ea6b
How severe is this issue? And is there (or will there be) a patch or update to address it?
-
Hi,
This plugin is intentional in how it works – it allows accessing any file on the server by design.
It should not be used by untrusted users on a site.The security report is nothing more than missing the fact there’s a link on the page that goes to that exact place (so no URL modifications required).
If it’s being used on a server with untrusted users, there’s an option in the plugin settings to lock it to a specific
Root Directorywhich will prevent untrusted users being able to access all server files (Untrusted users being non-administrators, administrators can install plugins/edit plugins/etc and as such are trusted users that can access things like that).This plugin should really not be used today, there’s almost zero reason to use it, use the browser upload tools or contact your webhost to fix it so that the uploader works for you. 13 years ago when this plugin was written there was a real need, today not so much.
tl;dr: There’s no security issue here, it’s working exactly how it’s intended to, but you probably shouldn’t be using it.
- The topic ‘Path traversal lead to arbitrary file reading’ is closed to new replies.
