A new vulnerability (CVE-2023-47679) has been discovered in the popular WordPress plugin, Qi Addons for Elementor, which allows improper limitation of a pathname to a restricted directory. Also known as 'Path Traversal' vulnerability, it potentially enables an attacker to include a locally stored PHP file and execute it on the affected website. This security issue impacts Qi Addons for Elementor versions from n/a through 1.6.3.

In this post, we'll discuss the details of the vulnerability, provide a code snippet to illustrate the issue, cover the links to original references, and look at how to exploit the vulnerability.

Path Traversal Vulnerability in Qi Addons for Elementor

The Qi Addons for Elementor plugin provides a suite of extensions to enhance and customize the popular Elementor page builder used in many WordPress websites. Unfortunately, due to improper limitation of a pathname to a restricted directory, attackers can potentially manipulate file paths and gain unauthorized access to sensitive files.

This vulnerability enables attackers to perform a PHP Local File Inclusion (LFI) attack by including a local PHP file on the server and executing it on the webserver, resulting in a potential compromise of the affected website or unauthorized access to sensitive information.

Here's a simplified example of the vulnerable code found in the Qi Addons for Elementor plugin

$file = $_GET['file'];
include($file . '.php');

In this code snippet, the plugin retrieves the 'file' parameter from a user-submitted query string (URL) and includes the respective PHP file. Since no input validation or sanitization is performed, an attacker can manipulate this parameter to include a local file from a different directory, leading to the execution of the attacker's chosen file on the server.

Exploit Details

To exploit this vulnerability, an attacker would need to craft a malicious URL, including a path traversal payload such as '../' in the 'file' parameter to navigate through directories and target a specific file.

For example, assuming the vulnerable endpoint is at https://example.com/vulnerable_page.php, the attacker could construct a URL like:

https://example.com/vulnerable_page.php?file=../../../../etc/passwd

This URL would cause the web application to read and include the '/etc/passwd' file on the server, which contains user account information.

Original References

For more information about this vulnerability and its potential impact, please refer to the following resources:

1. CVE-2023-47679 Official Listing
2. Qi Addons for Elementor Plugin Page
3. OWASP's Directory Traversal Explanation

Conclusion

CVE-2023-47679 is a critical security issue that impacts Qi Addons for Elementor, potentially enabling attackers to traverse directories and include local PHP files, compromising the affected website or gaining unauthorized access to sensitive information. Developers and website administrators using Qi Addons for Elementor should update to the latest version and ensure that proper input validation and sanitization are implemented to mitigate such vulnerabilities.

The importance of maintaining up-to-date plugins and regularly auditing the security of your website cannot be overstated. Stay informed about vulnerabilities and best practices to ensure your website remains safe and secure.

Timeline

Published on: 05/17/2024 09:15:11 UTC
Last modified on: 05/17/2024 18:36:05 UTC