CVE-2020-29047 Scanner

CVE-2020-29047 Scanner - Remote Code Execution (RCE) vulnerability in WP Hotel Booking

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 1 hour
Scan only one: Domain, Subdomain, IPv4

WP Hotel Booking is a popular WordPress plugin developed by ThimPress that facilitates online reservation and booking management for hotels. It is widely used by hotel owners and operators to streamline reservation processing through their WordPress sites. The plugin provides features like room availability checking, easy booking management, and automated reservation reminders. Many small to mid-sized hotels and hostels rely on this plugin to enhance their booking capabilities and manage customer interactions efficiently. It integrates seamlessly with WordPress, making it accessible for users without extensive technical knowledge.

This scanner detects a critical Remote Code Execution (RCE) vulnerability within the WP Hotel Booking plugin. The vulnerability arises from an unserialize operation applied to the thimpress_hotel_booking_1 cookie, whose value is supplied by the client. This flaw allows attackers to inject malicious code that the server subsequently executes. The vulnerability has a CVSS score of 9.8, indicating its severe impact on affected systems. It can be exploited remotely without authentication, posing a significant threat to the integrity and security of websites using vulnerable versions of the plugin. Detecting and patching this vulnerability is essential to prevent unauthorized code execution by attackers.

The vulnerability's technical details involve the misuse of the unserialize function in processing the thimpress_hotel_booking_1 cookie. The vulnerable code sits in the session management functionality of the plugin, specifically in the load routine in includes/class-wphb-sessions.php. Attackers can craft a serialized payload that, when passed in this cookie, can trigger arbitrary code execution. The issue stems from deserializing user-controlled data without proper validation, which lets malicious serialized objects be instantiated and acted on by the server.
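
For defenders reviewing captured request headers, a check for PHP serialized-object markers in this cookie can look like the following. This is an added example, not code from the scanner or the plugin; the sample headers are constructed (stdClass is a harmless built-in class), and treating any object marker in the cookie as suspicious is an assumption.

```python
import re
from urllib.parse import unquote

COOKIE_NAME = "thimpress_hotel_booking_1"  # cookie name given on this page

# PHP serialize() writes objects as O:<len>:"Class":... (C:<len>:"Class":... for
# custom-serialized classes); "+" covers the signed length older PHP accepted.
OBJECT_TOKEN = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"')


def cookie_value(cookie_header, name=COOKIE_NAME):
    """Return the raw value of `name` from a Cookie header, or None."""
    for pair in cookie_header.split(";"):
        key, sep, value = pair.strip().partition("=")
        if sep and key == name:
            return value
    return None


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded values are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(cookie_header):
    """'absent', 'object' (serialized object present) or 'no-object'."""
    raw = cookie_value(cookie_header)
    if raw is None:
        return "absent"
    return "object" if OBJECT_TOKEN.search(fully_decode(raw)) else "no-object"


def flag_requests(requests):
    """requests: iterable of (request_id, Cookie header). Returns flagged ids."""
    return [rid for rid, hdr in requests if classify(hdr) == "object"]


# Constructed sample headers (not captured traffic); assumed shapes only.
SAMPLES = [
    ("r1", "wordpress_test_cookie=WP+Cookie+check"),
    ("r2", COOKIE_NAME + "=a%3A1%3A%7Bs%3A4%3A%22cart%22%3Bi%3A1%3B%7D"),
    ("r3", COOKIE_NAME + "=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D"),
    ("r4", "lang=en; " + COOKIE_NAME + "=a%253A1%253A%257Bi%253A0%253BO%253A8%253A%2522stdClass%2522%253A0%253A%257B%257D%257D"),
]
```

Calling flag_requests(SAMPLES) returns the ids of the two requests whose cookie decodes to a value containing a serialized object, including the double-encoded one.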

Exploiting this vulnerability can have severe consequences. Successful exploitation allows attackers to execute arbitrary code on the server, leading to potential data breaches. Attackers could gain unauthorized access to sensitive information, modify or steal data, and potentially take control of the server. It also opens possibilities for further attacks, such as installing malware, initiating denial of service, or using the server as a launching point for attacks on other systems.
