CVE-2020-36728 Scanner
CVE-2020-36728 Scanner - Arbitrary File Upload vulnerability in WordPress Plugin Adning Advertising
Short Info
Level:
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 17 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
WordPress is a widely-used content management system that serves as the backbone for millions of websites, from small personal blogs to large corporate sites. One of the platform's key features is its extensive plugin architecture, which allows site owners to extend functionality and customize their websites to suit their needs. Adning Advertising is a popular plugin for WordPress that helps users manage advertising on their sites, providing features to run ads effectively and monetize content. Typically, users of this plugin include web administrators and digital marketers who are focused on optimizing ad performance and generating revenue through advertising. Software like Adning Advertising is instrumental in improving website ad operations, helping to reach targeted audiences, and maximizing ad revenue streams.
The vulnerability in question is an arbitrary file upload, a significant security risk that allows attackers to upload malicious files to the server. The issue arises from insufficient input validation in the file upload functionality, which gives threat actors a way to perform unauthorized actions. An attacker who exploits it can potentially gain control over web server operations and carry out further malicious activity. Because the vulnerability can be exploited, it is essential that the affected WordPress plugin be updated or patched swiftly. Left unaddressed, such vulnerabilities put websites at risk of compromise, leading to data breaches and service disruption.
The technical root cause is incorrect handling and validation of file paths and file types during the upload process. Attackers can exploit this by constructing requests that upload files such as PHP scripts, which can then be executed on the server. The endpoint responsible is usually a specific PHP handler that manages file uploads. Parameters like 'allowed_file_types' and 'upload' are often manipulated to escape the intended restrictions, enabling the injection of malicious content. Because file type checks and path traversal protections are not strictly enforced, the upload interface is open to exploitation.
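The checks the paragraph above describes as missing, shown as an added PHP example that is neither the plugin's code nor part of the original page. The function name `validate_upload`, the `ALLOWED_TYPES` list and POSIX-style paths are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names: upload validation that never trusts
// a request-supplied type list, file name or destination path.

const ALLOWED_TYPES = [            // extension => expected MIME type
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
];

function validate_upload(array $file, string $requestedDir, string $baseDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an HTTP upload');
    }

    // Drop any directory components the client put in the file name.
    $name = basename(str_replace('\\', '/', $file['name']));
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));

    // The allowlist is a server-side constant; an 'allowed_file_types'
    // value sent in the request is never consulted.
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException('extension not allowed');
    }

    // Inspect the content itself, not the client-declared Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('content does not match extension');
    }

    // Resolve the destination and require it to stay inside the base directory.
    $base = realpath($baseDir);
    $dir  = realpath($baseDir . '/' . $requestedDir);
    if ($base === false || $dir === false
        || strncmp($dir . '/', $base . '/', strlen($base) + 1) !== 0) {
        throw new RuntimeException('destination outside upload directory');
    }

    // Store under a server-generated name so no client string reaches the path.
    $target = $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    return $target;
}
```

Configuring the web server so that scripts in the upload directory are not executed adds a second layer if a check like this is ever bypassed.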
If exploited, this vulnerability could have severe implications, allowing attackers to run arbitrary code during the file upload process, leading to unauthorized access and potential site takeover. Unauthorized file uploads can facilitate the installation of backdoors, the running of unauthorized scripts, the defacement of websites, and the complete compromise of data integrity. Moreover, attackers could use this as a foothold to pivot to other parts of the network, escalate privileges, and conduct further attacks, leading to extensive damage and loss.
REFERENCES
- https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/
- https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/
- https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693
- https://nvd.nist.gov/vuln/detail/CVE-2020-36728