CVE-2022-1206

The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/adrotate/trunk/adrotate-admin-manage.php#L418
https://www.wordfence.com/threat-intel/vulnerabilities/id/9f92219a-e07e-422d-a9f2-dbe4fbcd5f55?source=cve

Configurations

No configuration.

History

No history.

Information

Published : 2024-08-20 04:15

Updated : 2024-08-20 15:44

NVD link : CVE-2022-1206

Mitre link : CVE-2022-1206

CVE.ORG link : CVE-2022-1206

JSON object : View

Products Affected

No product.

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2022-1206", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-08-20T04:15:06.787", "references": [{"url": "https://plugins.trac.wordpress.org/browser/adrotate/trunk/adrotate-admin-manage.php#L418", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f92219a-e07e-422d-a9f2-dbe4fbcd5f55?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "The AdRotate Banner Manager \u2013 The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present."}, {"lang": "es", "value": "El complemento AdRotate Banner Manager \u2013 The only ad manager you'll need para WordPress es vulnerable a cargas arbitrarias de archivos debido a la falta de desinfecci\u00f3n de extensiones de archivos en la funci\u00f3n adrotate_insert_media() en todas las versiones hasta la 5.13.2 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de administrador y superior, carguen archivos arbitrarios con extensiones dobles en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo. Esto solo se puede explotar en casos seleccionados donde la configuraci\u00f3n ejecutar\u00e1 la primera extensi\u00f3n presente."}], "lastModified": "2024-08-20T15:44:20.567", "sourceIdentifier": "security@wordfence.com"}