
Test ID: 1.3.6.1.4.1.25623.1.0.112813
Category: Web application abuses
Title: WordPress Quiz And Survey Master Plugin < 7.0.1 Multiple Vulnerabilities
Summary: The WordPress plugin Quiz And Survey Master is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
If a quiz contained a file upload field that was configured to accept only .txt files,
an executable PHP file could still be uploaded by setting the 'Content-Type' field to 'text/plain', which bypassed the plugin's weak checks.
This meant that unauthenticated users could upload arbitrary files, including PHP files, to a site and achieve remote code execution
whenever a quiz that allowed file uploads as a response was enabled on the site.

Additionally, Quiz And Survey Master provides file deletion functionality to remove any files that were uploaded during the quiz.
The 'qsm_remove_file_fd_question' function is registered with both a regular AJAX action and a nopriv AJAX action. This meant that the
function could be triggered by unauthenticated users, which is to be expected because the quizzes do not require authentication.

Unfortunately, there were no checks when verifying that the file_url supplied for file deletion was from a quiz or survey upload,
so any file could be supplied and subsequently removed. This made it possible for attackers to delete important files like a site's wp-config.php file.
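
The two checks the insight describes as missing, sketched as an added example in plain PHP. This is not the plugin's code or its 7.0.1 fix; the function names, the example.test URL and the temporary directory layout are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's code; every name here is hypothetical.
// Upload check: ignore the client-supplied Content-Type ($file['type']) and
// decide from the file name's extension plus the bytes actually received.
function example_upload_is_allowed(array $file, array $allowed): bool
{
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return false; // extension is not on the allowlist
    }
    // Requires the fileinfo extension; sniffs the content server-side.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    return $detected === $allowed[$ext];
}

// Deletion check: map the requested URL onto the upload directory and accept
// it only if the resolved path is a regular file inside that directory.
function example_resolve_deletable(string $url, string $baseUrl, string $baseDir): ?string
{
    $baseUrl = rtrim($baseUrl, '/') . '/';
    if (strncmp($url, $baseUrl, strlen($baseUrl)) !== 0) {
        return null; // URL is outside the quiz upload area
    }
    $relative = rawurldecode(substr($url, strlen($baseUrl)));
    $root = realpath($baseDir);
    // realpath() collapses ../ and symlinks and returns false if nothing exists.
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);
    if ($root === false || $path === false || !is_file($path)) {
        return null;
    }
    $inside = strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) === 0;
    return $inside ? $path : null;
}

// Constructed demo data: a throwaway directory stands in for the site.
$site = sys_get_temp_dir() . '/qsm-demo-' . uniqid();
$dir  = "$site/uploads/qsm";
$base = 'https://example.test/uploads/qsm';
mkdir($dir, 0700, true);
file_put_contents("$site/wp-config.php", "<?php // constructed placeholder\n");
file_put_contents("$dir/answer.txt", "my answer\n");
file_put_contents("$dir/incoming.tmp", "<?php echo 'constructed';\n");
$txtOnly = ['txt' => 'text/plain'];
$claim   = ['type' => 'text/plain', 'tmp_name' => "$dir/incoming.tmp"];
var_dump(example_upload_is_allowed($claim + ['name' => 'notes.php'], $txtOnly));
var_dump(example_upload_is_allowed($claim + ['name' => 'notes.txt'], $txtOnly));
var_dump(example_resolve_deletable("$base/answer.txt", $base, $dir));
var_dump(example_resolve_deletable("$base/../../wp-config.php", $base, $dir));
```

Only the third call succeeds: both upload attempts are refused despite the 'text/plain' claim, and the last URL resolves outside the upload directory, so it is never handed to a delete routine.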

Vulnerability Impact:
Successful exploitation would lead to complete site takeover and hosting account compromise amongst many other scenarios.

Deleting the wp-config.php file would disable a site's database connection and allow an attacker to rerun the installation procedure,
connect their own database to the site's file system and regenerate a wp-config.php file. At that point they could use this access
to infect other sites on the site's hosting account, or continue to use the site to infect site visitors.

Affected Software/OS:
WordPress Quiz And Survey Master plugin before version 7.0.1.

Solution:
Update to version 7.0.1 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Copyright: Copyright (C) 2020 Greenbone Networks GmbH
