CVE-2018-17207 Scanner

CVE-2018-17207 Scanner - Remote Code Execution (RCE) vulnerability in WordPress Duplicator Plugin

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 20 days 5 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

WordPress Duplicator Plugin is widely used for managing and migrating WordPress sites; it simplifies replicating a site or database from one location to another. Developed by Snap Creek, the plugin is a common choice for site management tasks such as backups and site relocations, which makes it a crucial tool for web developers, site administrators, and businesses involved in digital content management. It also helps manage site versions and maintain integrity during migrations. A standout feature is its user-friendly interface, which automates the otherwise complex process of site duplication for technical and non-technical users alike. Duplicator supports a variety of WordPress host configurations and so serves a broad range of WordPress site needs.

This vulnerability in the WordPress Duplicator Plugin is an arbitrary code execution flaw. It arises from leftover installation files that an attacker can use to insert malicious PHP code into the wp-config.php file. Versions prior to 1.2.42 are affected: they do not adequately clean up the temporary installer scripts, leaving the site exposed. The flaw allows an attacker to execute arbitrary code remotely and gain control over the affected site and its database. It is particularly critical because it requires no prior authentication. Overall, the vulnerability undermines the site's security posture and can lead to data breaches or unauthorized site modifications.

Technically, the vulnerability involves the installer.php and installer-backup.php files during the database setup phase. Older versions fail to remove these setup files once installation is complete, so they remain reachable; by accessing them during that setup phase, an attacker can inject malicious PHP code into the wp-config.php file. Crafted requests to these files let the attacker introduce backdoors or change site configuration, after which the injected code is executed and the security boundary is crossed. From there, the attacker can manipulate site data and pursue further exploitation.
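A local, defender-side check for the two conditions described above (installer scripts left in the site root, and a Duplicator version older than 1.2.42), written as an added example and not code from this scanner or from the Duplicator project; it assumes the WordPress root is on the local disk and that the plugin's main file and its `Version:` header follow the standard plugin layout:

```python
"""Defender-side check for the CVE-2018-17207 conditions. Added example; assumes
the WordPress root is on local disk and that Duplicator's main file and its
'Version:' header follow the standard WordPress plugin layout (assumed)."""
import os
import re
import tempfile

FIXED_VERSION = (1, 2, 42)  # first release that cleans up the installer scripts
LEFTOVER_FILES = ("installer.php", "installer-backup.php")
PLUGIN_MAIN = os.path.join("wp-content", "plugins", "duplicator", "duplicator.php")


def parse_version(text):
    """'1.2.40' -> (1, 2, 40) so releases compare numerically, not as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def duplicator_version(site_root):
    """Read the plugin header's Version line; None if Duplicator is not installed."""
    path = os.path.join(site_root, PLUGIN_MAIN)
    if not os.path.isfile(path):
        return None
    with open(path, encoding="utf-8", errors="replace") as fh:
        match = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", fh.read(), re.M)
    return match.group(1) if match else None


def check_site(site_root):
    """Report leftover installer scripts and an outdated plugin separately: the
    scripts are the reachable entry point, the version says whether the plugin
    will keep leaving them behind after the next migration."""
    leftovers = [name for name in LEFTOVER_FILES
                 if os.path.isfile(os.path.join(site_root, name))]
    version = duplicator_version(site_root)
    outdated = version is not None and parse_version(version) < FIXED_VERSION
    return {"version": version, "outdated": outdated, "leftovers": leftovers,
            "action_needed": outdated or bool(leftovers)}


def make_sample_site(version, leftovers):
    """Build a constructed (fake) site tree in a temp dir for demonstration."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, os.path.dirname(PLUGIN_MAIN)))
    with open(os.path.join(root, PLUGIN_MAIN), "w", encoding="utf-8") as fh:
        fh.write("<?php\n/*\nPlugin Name: Duplicator\n * Version: %s\n*/\n" % version)
    for name in leftovers:  # empty stand-ins for the real installer scripts
        open(os.path.join(root, name), "w").close()
    return root


if __name__ == "__main__":
    print(check_site(make_sample_site("1.2.40", ["installer.php"])))
```

Either finding on its own warrants action: remove the leftover scripts from the document root, and upgrade the plugin to 1.2.42 or later.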

Exploitation of this vulnerability can have severe consequences. A malicious actor could gain administrative access and perform unauthorized actions such as altering, deleting, or exfiltrating data. The trust and integrity of the website could be compromised, damaging its credibility and user confidence. Financial transactions and personal data processed by the affected website may be intercepted and misused, and the site could be repurposed for malicious activity such as spreading malware or phishing. Overall, this vulnerability poses a risk of significant operational disruption and reputational damage to affected websites.
