CVE-2021-4436 Scanner

CVE-2021-4436 Scanner - Arbitrary File Upload vulnerability in 3DPrint Lite

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 week 11 hours
Scan only one: Domain, IPv4
Toolbox: -

3DPrint Lite is a plugin for WordPress that aims to facilitate the integration and management of 3D printing features on websites. It is used primarily by developers and webmasters who want to incorporate 3D printing capabilities into their WordPress-driven platforms. 3DPrint Lite is valuable in educational environments, online portals dedicated to 3D printing, and e-commerce sites that offer custom printing services. The plugin supports a variety of customization options to accommodate different needs and enhance user interactivity. It caters to an international user base, allowing for multilingual integration and regional adaptations. This plugin remains popular due to its ease of use and range of features, making 3D printing accessible to web owners and users globally.

Arbitrary file upload vulnerabilities let attackers upload files of various types because the application does not validate them properly. In 3DPrint Lite versions below 1.9.1.5, unauthenticated users can upload executable files to the web server. The flaw is in the p3dlite_handle_upload AJAX action, which can be reached without the usual authentication. On certain server configurations, the uploaded file can then be used to execute commands locally. Apache servers are partially protected by the presence of a .htaccess file, which limits direct access to uploaded files. The potential risk involves unauthorized file manipulation or data extraction, depending on severity and configuration. Proper authorization and file validation checks can mitigate this vulnerability.

The vulnerability in 3DPrint Lite allows files to be uploaded through the AJAX action without authentication checks. The action, named 'p3dlite_handle_upload', does not sufficiently verify user permissions, which allows execution of arbitrary PHP code. Files are uploaded without restrictions. The scan sends a raw HTTP POST request to 'wp-admin/admin-ajax.php', using multipart form-data for file transmission, and its matchers check the status code and specific responses in the body to confirm the vulnerability's presence. When the upload succeeds, the server returns a structured response confirming the uploaded file's name. Proper security checks are absent before version 1.9.1.5, which is what enables this vulnerability.

Should the vulnerability be exploited, attackers may gain unauthorized access to the server hosting the WordPress site. This could lead to serious repercussions, including data breaches, unauthorized code execution, or defacement of the website. An attacker can upload malicious scripts disguised as legitimate files, which might circumvent standard detection methods. Potential impacts also include data theft, server hijacking, or setting up backdoors for persistent access. These activities not only compromise the website but may also affect server integrity, reputation, and user trust. System administrators could face legal and financial consequences, requiring urgent response to patch the vulnerability.
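For asset owners checking their own installation, the following added example (not code from the plugin or from the scanner) compares the installed plugin version against the fixed release 1.9.1.5 and audits an upload directory for executable-looking files and the .htaccess file mentioned above. The upload directory path, the extension list and the sample header are assumptions supplied for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 9, 1, 5)  # versions below this are affected, per the text above
# Assumption: extensions the web server may hand to PHP; adjust to the handler config.
EXEC_EXT = {".php", ".phtml", ".phar", ".php5", ".php7"}

def parse_version(header_text):
    """Return the version tuple from a WordPress plugin header comment, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)",
                  header_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(version):
    """True when version < 1.9.1.5; short versions are zero-padded (1.9.1 == 1.9.1.0)."""
    n = max(len(version), len(FIXED))
    pad = lambda v: tuple(v) + (0,) * (n - len(v))
    return pad(version) < pad(FIXED)

def audit_upload_dir(upload_dir):
    """List executable-looking files (double extensions included) and .htaccess presence."""
    root = Path(upload_dir)
    hits = sorted(
        p.relative_to(root).as_posix() for p in root.rglob("*")
        if p.is_file() and any(s.lower() in EXEC_EXT for s in p.suffixes)
    )
    return {"htaccess": (root / ".htaccess").is_file(), "executable_files": hits}

def audit(header_text, upload_dir):
    """Combine the version check and the directory audit into one report."""
    version = parse_version(header_text)
    report = audit_upload_dir(upload_dir)
    report["version"] = version
    # None means the version could not be read and needs a manual check.
    report["vulnerable"] = None if version is None else is_vulnerable(version)
    return report

if __name__ == "__main__":
    # Constructed sample data: a plugin header and a throwaway upload directory.
    header = "<?php\n/*\n * Plugin Name: 3DPrint Lite\n * Version: 1.9.1.4\n */\n"
    with tempfile.TemporaryDirectory() as d:
        Path(d, "model.stl").write_text("solid demo")
        Path(d, "preview.php.jpg").write_text("")
        print(audit(header, d))
```

Any file listed under executable_files on a site that ran an affected version should be reviewed before it is deleted, since it may be evidence of an earlier upload.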
