WordPress Memphis Document Library Local File Inclusion Scanner

WordPress Memphis Document Library is a widely used plugin in WordPress environments to manage and organize documents efficiently. It is used by diverse users, ranging from small businesses to large enterprises, who need a streamlined document management solution integrated into their WordPress sites. The plugin provides features for document categorization, secure access, and file organization, making it essential for websites that prioritize document management. With its extensive use cases, the plugin serves educational institutions, corporate sectors, and private entities that require a simplified approach to document accessibility. It is tailored for web administrators who seek ease in document handling without transitioning to an external system, aiming for enhanced workflow management. The compatibility with WordPress centralizes document management within a familiar environment, making it a top choice for WordPress enthusiasts and professionals alike.

A Local File Inclusion (LFI) vulnerability allows attackers to manipulate and include files on a server through web browsers. The vulnerability can be leveraged to disclose sensitive files and potentially escalate to further server-side attacks. Attackers typically exploit LFI vulnerabilities by injecting paths to internal files that should not be accessible. In the context of web applications, this could mean unauthorized access to critical configuration files like wp-config.php. The exploitation requires crafting specific URL patterns that direct the application to include an unintended file, leading to information leakage. LFI vulnerabilities are critical as they serve as a stepping stone to more severe attacks like Remote Code Execution by injecting malicious scripts through accessible local files. Due to its high impact potential, it is classified under CWE-22, which pertains to Path Traversal or directory traversal vulnerabilities.

The Local File Inclusion vulnerability in WordPress Memphis Document Library v3.1.5 specifically affects the endpoint related to image previews within the plugin. Attackers manipulate the 'mdocs-img-preview' parameter to traverse directories and access unintended files such as the wp-config.php, which contains sensitive database credentials. The exploitation process generally involves crafting requests that exploit unsanitized parameters to gain unintended file access. Successful exploitation is indicated by the return of content containing database-related words like "DB_NAME" and "DB_PASSWORD". The vulnerability does not necessarily require authentication, making it even more critical as it could be exploited by a remote unauthenticated attacker. The primary risk lies in the exposure of sensitive information, which could lead to compromising the entire WordPress installation.

Exploiting a Local File Inclusion vulnerability can have severe repercussions for a WordPress site. If an attacker successfully accesses configuration files, they can steal database credentials, leading to data compromise. This can further escalate to gaining unauthorized access to the website's backend if credentials are reused or improperly managed. In environments with weak separation of privileges, the compromised credentials might allow broader access to associated systems and further data theft. Additionally, the attacker could alter the application behavior by accessing files that affect the application logic or exploit other chained vulnerabilities. The LFI serves as an entry point for deploying malicious scripts or creating backdoors to maintain persistent access to the compromised systems.

REFERENCES

• https://www.exploit-db.com/exploits/39593
• https://wpscan.com/vulnerability/53999c06-05ca-44f1-b713-1e4d6b4a3f9f