|Category:||Web application abuses|
|Title:||WordPress Quiz And Survey Master Plugin < 7.0.1 Multiple Vulnerabilities|
|Summary:||The WordPress plugin Quiz And Survey Master is prone to multiple vulnerabilities.|
The WordPress plugin Quiz And Survey Master is prone to multiple vulnerabilities.
If a quiz contained a file upload which was configured to only accept .txt files,
an executable PHP file could be uploaded by setting the 'Content-Type' field to 'text/plain' to bypass the plugin's weak checks.
This meant that unauthenticated users could upload arbitrary files, including PHP files, to a site and achieve remote code execution
when there was a quiz enabled on the site that allowed file uploads as a response.
Additionally Quiz and Survey Master provides file deletion functionality to remove any files that were uploaded during the quiz.
The 'qsm_remove_file_fd_question' function is registered with a regular AJAX action and a nopriv AJAX action. This meant that the
function could be triggered by unauthenticated users, which is to be expected due to the quizzes not requiring authentication.
Unfortunately, there were no checks when verifying that the file_url supplied for file deletion was from a quiz or survey upload,
so any file could be supplied and subsequently removed. This made it possible for attackers to delete important files like a site's wp-config.php file.
Successful exploitation would lead to complete site takeover and hosting account compromise amongst many other scenarios.
Deleting the wp-config.php file would disable a site's database connection and allow an attacker to re-complete the installation procedures
to connect their own database to a site's file system and regenerate a wp-config.php file. At that point they could use this access
to infect other sites on the site's hosting account, or continue to use the site to infect site visitors.
WordPress Quiz And Survey Master plugin before version 7.0.1.
Update to version 7.0.1 or later.
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.