Vulnerability-Lookup

CNVD-2022-69135

Vulnerability from cnvd - Published: 2022-10-13

Title

WordPress Motor theme授权问题漏洞

Description

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress 插件是WordPress开源的一个应用插件。 WordPress Motor theme 3.1.0之前版本存在授权问题漏洞，该漏洞源于的Motor_load_more、motor_gallery_load_more、motor_quick_view 和 motor_project_quick_view AJAX处理程序中缺少身份验证。攻击者可利用该漏洞访问任意服务器文件系统中的文件,并执行任意php脚本发现服务器上的文件系统。

Severity

高

Patch Name

WordPress Motor theme授权问题漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://wpscan.com/vulnerability/d9518429-79d3-4b13-88ff-3722d05efa9f

Reference

https://jetpack.com/2021/06/09/motor-wordpress-theme-vulnerabilities/

Impacted products

Name
WordPress Motor theme <3.1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-24375",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-24375"
    }
  },
  "description": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress \u63d2\u4ef6\u662fWordPress\u5f00\u6e90\u7684\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\n\nWordPress Motor theme 3.1.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7684Motor_load_more\u3001motor_gallery_load_more\u3001motor_quick_view \u548c motor_project_quick_view AJAX\u5904\u7406\u7a0b\u5e8f\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u4efb\u610f\u670d\u52a1\u5668\u6587\u4ef6\u7cfb\u7edf\u4e2d\u7684\u6587\u4ef6,\u5e76\u6267\u884c\u4efb\u610fphp\u811a\u672c\u53d1\u73b0\u670d\u52a1\u5668\u4e0a\u7684\u6587\u4ef6\u7cfb\u7edf\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://wpscan.com/vulnerability/d9518429-79d3-4b13-88ff-3722d05efa9f",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-69135",
  "openTime": "2022-10-13",
  "patchDescription": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress \u63d2\u4ef6\u662fWordPress\u5f00\u6e90\u7684\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\r\n\r\nWordPress Motor theme 3.1.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7684Motor_load_more\u3001motor_gallery_load_more\u3001motor_quick_view \u548c motor_project_quick_view AJAX\u5904\u7406\u7a0b\u5e8f\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u4efb\u610f\u670d\u52a1\u5668\u6587\u4ef6\u7cfb\u7edf\u4e2d\u7684\u6587\u4ef6,\u5e76\u6267\u884c\u4efb\u610fphp\u811a\u672c\u53d1\u73b0\u670d\u52a1\u5668\u4e0a\u7684\u6587\u4ef6\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress Motor theme\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress Motor theme \u003c3.1.0"
  },
  "referenceLink": "https://jetpack.com/2021/06/09/motor-wordpress-theme-vulnerabilities/",
  "serverity": "\u9ad8",
  "submitTime": "2021-07-07",
  "title": "WordPress Motor theme\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2021-24375 (GCVE-0-2021-24375)

Vulnerability from cvelistv5 – Published: 2021-07-06 11:03 – Updated: 2024-08-03 19:28

Title

Motor theme < 3.1.0 - Local File Inclusion

Summary

Lack of authentication or validation in motor_load_more, motor_gallery_load_more, motor_quick_view and motor_project_quick_view AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unauthenticated attacker access to arbitrary files in the server file system, and to execute arbitrary php scripts found on the server file system. We found no vulnerability for uploading files with this theme, so any scripts to be executed must already be on the server file system.

Severity

No CVSS data available.

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

WPScan

References

2 references

URL	Tags
https://wpscan.com/vulnerability/d9518429-79d3-4b…	x_refsource_CONFIRM
https://jetpack.com/2021/06/09/motor-wordpress-th…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Stockware	Motor	Affected: 3.1.0 , < 3.1.0 (custom)

Credits

Harald Eilertsen (Jetpack)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:23.866Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/d9518429-79d3-4b13-88ff-3722d05efa9f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jetpack.com/2021/06/09/motor-wordpress-theme-vulnerabilities/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Motor",
          "vendor": "Stockware",
          "versions": [
            {
              "lessThan": "3.1.0",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Harald Eilertsen (Jetpack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Lack of authentication or validation in motor_load_more, motor_gallery_load_more, motor_quick_view and motor_project_quick_view AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unauthenticated attacker access to arbitrary files in the server file system, and to execute arbitrary php scripts found on the server file system. We found no vulnerability for uploading files with this theme, so any scripts to be executed must already be on the server file system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-06T11:03:26.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/d9518429-79d3-4b13-88ff-3722d05efa9f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jetpack.com/2021/06/09/motor-wordpress-theme-vulnerabilities/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Motor theme \u003c 3.1.0 - Local File Inclusion",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24375",
          "STATE": "PUBLIC",
          "TITLE": "Motor theme \u003c 3.1.0 - Local File Inclusion"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Motor",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.1.0",
                            "version_value": "3.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Stockware"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Harald Eilertsen (Jetpack)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Lack of authentication or validation in motor_load_more, motor_gallery_load_more, motor_quick_view and motor_project_quick_view AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unauthenticated attacker access to arbitrary files in the server file system, and to execute arbitrary php scripts found on the server file system. We found no vulnerability for uploading files with this theme, so any scripts to be executed must already be on the server file system."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/d9518429-79d3-4b13-88ff-3722d05efa9f",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/d9518429-79d3-4b13-88ff-3722d05efa9f"
            },
            {
              "name": "https://jetpack.com/2021/06/09/motor-wordpress-theme-vulnerabilities/",
              "refsource": "MISC",
              "url": "https://jetpack.com/2021/06/09/motor-wordpress-theme-vulnerabilities/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24375",
    "datePublished": "2021-07-06T11:03:26.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:28:23.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-69135

CVE-2021-24375 (GCVE-0-2021-24375)

Tags

Sightings

Nomenclature